
The Rising Danger of SYN Reflection DDoS Attacks

Uploaded by: akamai


DESCRIPTION

SYN reflection attacks are a sophisticated distributed denial of service – or DDoS – attack method that usually requires some skill to execute. However, SYN reflection attacks have recently grown in popularity as software developers in the criminal underground have begun to offer easy-to-use applications that use SYN reflection scripts in DDoS-as-a-Service applications. Now even novices can launch SYN reflection attacks. Learn more about the threat of SYN DDoS and DrDoS attacks in this short presentation.


www.prolexic.com

Denial of Service: SYN Reflection Attacks

How to protect your network


SYN reflection attacks go mainstream

• Distributed reflection and amplification denial of service attack, or DrDoS

• Malicious use of the TCP/IP Internet communication handshake

• One of the more sophisticated DDoS attack methods

• Growing in popularity due to DDoS-as-a-Service apps

• Now even a novice can launch a SYN attack


DDoS-as-a-Service: Even a novice can do it

• Malicious actors wrap web-based user interfaces around sophisticated scripts

• Convenient DDoS-as-a-Service apps

• Attackers can launch the DDoS app from a smartphone or computer


SYN reflection attack: Misuse of the TCP handshake

• The attacker’s target must support the Transmission Control Protocol (TCP), a common Internet protocol

• TCP lets computers transmit data over the Internet, such as web pages and email

• Before data is transmitted between machines, the computers must first establish a connection by a multi-step SYN-ACK handshake

• If a handshake cannot be completed, the computers repeat the attempt


What is a SYN flood?

• SYN connection requests are repeated in rapid succession, until the target is overwhelmed


Spoofing misdirects the handshakes

• At least three systems are involved:
  – The attacker’s
  – An intermediary victim – one or many
  – The target

• Spoofing allows the attacker to pretend the target server is the source of the handshake requests

• The attacker gets the victim to try to connect to the target

• Excessive connection requests overwhelm the victim and the target


What is a SYN reflection attack?

• A malicious actor bounces SYN requests off an intermediary victim machine


SYN attack mitigation: Minimize backscatter from mitigation devices

• Automated mitigation devices challenge incoming SYN requests to verify that they are legitimate

• But unmanned DDoS mitigation devices can create backscatter, compounding the effects of an attack

• The mitigation equipment will keep challenging the request from the spoofed IP address

• The result is backscatter toward the target server

• Packet analysis can minimize backscatter
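The backscatter problem and the packet-analysis remedy on this slide can be sketched as below. This is an added example, not code from the presentation or from Prolexic; the per-source counter, the threshold of three unanswered challenges, the record format and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical threshold: unanswered SYN-ACK challenges tolerated per source.
MAX_UNANSWERED = 3

def simulate(packets, max_unanswered=MAX_UNANSWERED):
    """Replay (src_ip, flags) records arriving at a mitigation device.

    flags is "SYN" (connection request) or "ACK" (a validated ACK that
    completes the handshake). Returns (challenges_sent, dropped), both
    dicts keyed by source IP.
    """
    unanswered = defaultdict(int)   # challenges sent with no ACK yet
    challenges = defaultdict(int)   # SYN-ACKs emitted toward each source
    dropped = defaultdict(int)      # SYNs silently discarded
    for src, flags in packets:
        if flags == "ACK":
            # A real client completed the handshake: reset its counter.
            unanswered[src] = 0
        elif flags == "SYN":
            if unanswered[src] >= max_unanswered:
                # The source never answers, so it is probably spoofed.
                # Another challenge would only add backscatter toward
                # the real owner of that address.
                dropped[src] += 1
            else:
                unanswered[src] += 1
                challenges[src] += 1
    return dict(challenges), dict(dropped)

def backscatter_saved(packets, max_unanswered=MAX_UNANSWERED):
    """SYN-ACKs avoided compared with a device that challenges every SYN."""
    _, dropped = simulate(packets, max_unanswered)
    return sum(dropped.values())

# Constructed sample traffic (documentation addresses from RFC 5737).
SPOOFED = "203.0.113.10"   # forged source: the attack's real target
LEGIT = "198.51.100.7"     # genuine client that completes its handshakes
SAMPLE = [(SPOOFED, "SYN")] * 50 + [(LEGIT, "SYN"), (LEGIT, "ACK")] * 5

if __name__ == "__main__":
    print(simulate(SAMPLE), backscatter_saved(SAMPLE))
```

A device that challenged every SYN in the sample would send 50 SYN-ACKs toward the spoofed address; with the counter it sends three, while the legitimate client is challenged normally.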


Learn more in the white paper

• Download the DrDoS white paper: Analysis of SYN Reflection Attacks

• In this white paper, you’ll learn:
  – Why SYN reflection attacks create so much damage
  – How attackers misuse the TCP handshake
  – The problem of backscatter
  – SYN reflection attack scenario
  – Three common SYN reflection techniques
  – SYN mitigation techniques
  – Attack signature to identify and stop spoofed SYN reflection attacks


About Prolexic

• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.

• Prolexic has successfully stopped DDoS attacks for more than a decade.

• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.