
Attacks in this group focus on exhausting network bandwidth.

Syn Flood

Reference: TCP & UDP


Protocol: TCP Three-Way Handshake

  • SYN (Synchronize): The client sends a SYN packet to the server, indicating a request to establish a TCP connection.
  • SYN-ACK (Synchronize-Acknowledge): The server responds with a SYN-ACK packet, acknowledging the SYN request and reserving resources for the potential connection.
  • ACK (Acknowledge): The client sends an ACK packet back to the server, completing the handshake, and the connection is established.

Half-Open Connections:

  • The server responds with SYN-ACK packets and waits for the final ACK from the client to complete the connection.
  • However, since the ACK never arrives (due to spoofed IPs or because the attacker does not send them), the server keeps these connections in a half-open state.

Mitigation Methods

  1. SYN Cookies:

    • Encode the connection info in the server's SYN-ACK reply instead of storing it; verify it and allocate resources only after the final ACK arrives
    • Can be enabled via configuration settings - most web servers and OS kernels support it.
  2. Firewall Configuration & API Proxy

    • Rate limiters
    • Access Control Lists - block spoofed IPs
    • Connection timeouts for half-open connections
    • Intrusion Prevention System (IPS) - anomaly detection
    • Traffic scrubbing
  3. Network Filtering

    • Ingress filtering - block spoofed source IPs
    • Bogon filtering - drop invalid / reserved IP ranges
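To make mitigation 1 concrete, here is an added example (not from this page or any particular kernel) of how a SYN cookie is built and checked. It follows the classic layout: a 5-bit time counter, a 3-bit MSS index and a 24-bit keyed hash packed into the 32-bit initial sequence number of the SYN-ACK, so the server keeps no half-open state until a valid final ACK arrives. The secret, the MSS table and the 64-second counter granularity are assumptions for the demo.

```python
import hmac
import hashlib

# Constructed demo secret; a real host would use a random per-boot key.
SECRET = b"constructed-demo-secret"
# Small table of MSS values that fit in the 3-bit index (assumption for the demo).
MSS_TABLE = (536, 1300, 1440, 1460)
COUNTER_PERIOD = 64  # seconds per tick of the 5-bit time counter


def _hash24(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed 24-bit hash over the 4-tuple and the time counter."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, mss, now):
    """Build the ISN for the SYN-ACK. No per-connection state is stored."""
    counter = (int(now) // COUNTER_PERIOD) & 0x1F
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):  # largest table entry not above peer MSS
        if m <= mss:
            mss_idx = i
    h = _hash24(src_ip, src_port, dst_ip, dst_port, counter)
    return (counter << 27) | (mss_idx << 24) | h


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, ack_num, now, max_age=2):
    """Validate the final ACK. Returns the recovered MSS, or None to drop it."""
    cookie = (ack_num - 1) & 0xFFFFFFFF  # the ACK acknowledges ISN + 1
    counter = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    current = (int(now) // COUNTER_PERIOD) & 0x1F
    if (current - counter) % 32 > max_age:  # stale cookie: replayed or too old
        return None
    if _hash24(src_ip, src_port, dst_ip, dst_port, counter) != (cookie & 0xFFFFFF):
        return None  # forged or spoofed-source ACK: hash does not match
    if mss_idx >= len(MSS_TABLE):
        return None
    return MSS_TABLE[mss_idx]  # only now is the connection fully allocated
```

Because the hash covers the source address, an ACK arriving from a different host than the one that received the SYN-ACK fails the check, which is exactly why spoofed-source SYN floods never consume connection state.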

ICMP Flood


Protocol: ICMP

  1. Initiation: The attacker sends a large number of ICMP Echo Request packets (pings) to the target
  2. Server Response: The target replies to each request with an ICMP Echo Reply, consuming bandwidth and CPU

Mitigation Methods

  • Rate limiting - iptables & sysctl settings for ICMP request & response limits
  • ICMP packet filtering
  • Traffic analysis & monitoring
  • Ingress & egress filters
