The Rising Danger of SYN Reflection DDoS Attacks
Post on 18-Nov-2014
www.prolexic.com
Denial of Service: SYN Reflection Attacks
How to protect your network
SYN reflection attacks go mainstream
• Distributed reflection and amplification denial of service attack, or DrDoS
• Malicious use of the TCP/IP Internet communication handshake
• One of the more sophisticated DDoS attack methods
• Growing in popularity due to DDoS-as-a-Service apps
• Now even a novice can launch a SYN attack
DDoS-as-a-Service: Even a novice can do it
• Malicious actors wrap web-based user interfaces around sophisticated scripts
• Convenient DDoS-as-a-Service apps
• Attackers can launch the DDoS app from a smartphone or computer
SYN reflection attack: Misuse of the TCP handshake
• The attacker’s target must support the Transmission Control Protocol (TCP), a common Internet protocol
• TCP lets computers transmit data over the Internet, such as web pages and email
• Before data is transmitted between machines, the computers must first establish a connection by a multi-step SYN-ACK handshake
• If a handshake cannot be completed, the computers repeat the attempt
What is a SYN flood?
• SYN connection requests are repeated in rapid succession, until the target is overwhelmed
Spoofing misdirects the handshakes
• At least three systems are involved:
  – The attacker’s
  – An intermediary victim – one or many
  – The target
• Spoofing allows the attacker to pretend the target server is the source of the handshake requests
• The attacker gets the victim to try to connect to the target
• Excessive connection requests overwhelm the victim and the target
What is a SYN reflection attack?
• A malicious actor bounces SYN requests off an intermediary victim machine
SYN attack mitigation: Minimize backscatter from mitigation devices
• Automated mitigation devices challenge incoming SYN requests to verify that they are legitimate
• But unmanned DDoS mitigation devices can create backscatter, compounding the effects of an attack
• The mitigation equipment will keep challenging the request from the spoofed IP address
• The result is backscatter toward the target server
• Packet analysis can minimize backscatter
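The packet analysis mentioned above, sketched as an added example (not taken from the Prolexic slides or white paper): seen from the target, reflected traffic arrives as SYN-ACKs that answer no SYN the target ever sent. The record format, addresses and threshold are constructed assumptions.

```python
from collections import Counter

TARGET = "203.0.113.10"  # constructed: the host whose address is being spoofed

# Constructed records seen at the target's edge (documentation IP ranges):
# (direction, src_ip, src_port, dst_ip, dst_port, tcp_flags)
PACKETS = (
    [("out", TARGET, 40001, "198.51.100.5", 443, "S"),    # real outbound SYN
     ("in", "198.51.100.5", 443, TARGET, 40001, "SA"),    # its solicited reply
     ("in", "198.51.100.5", 443, TARGET, 40001, "SA")]    # benign retransmit
    # Intermediary answering spoofed SYNs on many ports the target never used
    + [("in", "192.0.2.20", 80, TARGET, 50000 + i, "SA") for i in range(4)]
    # Intermediary repeating the attempt because no handshake ever completes
    + [("in", "192.0.2.33", 443, TARGET, 51000, "SA")] * 3
    + [("in", "198.51.100.77", 22, TARGET, 52000, "SA")]  # single stray packet
)


def unsolicited_synacks(packets):
    """Count, per remote IP, SYN-ACKs that answer no SYN the target sent."""
    sent_syns = set()   # a production tracker would age these entries out
    hits = Counter()
    for direction, src, sport, dst, dport, flags in packets:
        if direction == "out" and flags == "S":
            sent_syns.add((src, sport, dst, dport))
        elif direction == "in" and flags == "SA":
            # A legitimate SYN-ACK mirrors the 4-tuple of an earlier SYN.
            if (dst, dport, src, sport) not in sent_syns:
                hits[src] += 1
    return hits


def likely_reflectors(packets, threshold=3):
    """Remote IPs at or above the (assumed) unsolicited SYN-ACK threshold."""
    counts = unsolicited_synacks(packets)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip in likely_reflectors(PACKETS):
        print(ip, unsolicited_synacks(PACKETS)[ip])
```

Sources flagged this way are themselves intermediary victims, so the output is a list of hosts to filter or notify rather than a list of attackers.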
Learn more in the white paper
• Download the DrDoS white paper: Analysis of SYN Reflection Attacks
• In this white paper, you’ll learn:
  – Why SYN reflection attacks create so much damage
  – How attackers misuse the TCP handshake
  – The problem of backscatter
  – SYN reflection attack scenario
  – Three common SYN reflection techniques
  – SYN mitigation techniques
  – Attack signature to identify and stop spoofed SYN reflection attacks
About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
• Prolexic has successfully stopped DDoS attacks for more than a decade.
• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.