Experts at the DDoS protection provider Radware have recently discovered a new form of DDoS attack, which they dubbed the “Tsunami SYN Flood Attack.”
Radware, a DDoS protection solution provider, recently discovered a new category of distributed denial-of-service (DDoS) attack; according to the company's experts, it is a type of SYN flood they dubbed the “Tsunami SYN Flood Attack.”
In just a 48-hour period, the experts of Radware's Emergency Response Team (ERT) observed two high-volume attacks targeting victims on two different continents.
The Tsunami SYN Flood Attack hit an ISP and a data center for a gaming company; as explained by the researchers, the attacks peaked at 4-5 Gbps of attack traffic.
The name Tsunami SYN Flood Attack is not casual: experts explain that it uses about 1,000 bytes per packet, a remarkable number compared with a typical SYN flood attack, which uses nearly 40 to 60 bytes per packet.
This kind of DDoS attack exploits the TCP protocol instead of UDP, making the classic methods of defense ineffective, as Radware explained in a blog post:
“Normally the SYN package is a simple handshake mechanism with a very low data footprint,” Adrian Crawley, Radware regional director for the UK, said. “It appears that hackers have found a way to add content to it – up to 1,000 bytes, or 25 times more data per handshake. This is allowed based on TCP RFC, but it is not common practice simply to avoid latency during the initial handshake. But because it is allowed by RFC, hackers can add data – this could be any random data – to the application which requested the initial SYN handshake.”
It is likely that the threat actors behind the Tsunami SYN Flood attack used a botnet; Crawley explained how the attack produced the pulses of traffic observed with the following statement:
“An attacker does not have 100 [percent] control over each machine that generates traffic, so as more “bots” were being accessed in the attack, [it] could account for the pulses of attack traffic, rather than a constant stream.”
Such attacks could be identified and mitigated using behavioral algorithms:
“Behavioral algorithms are key in both detecting and mitigating these threats, along with implementing a hybrid model of cloud and on-premise mitigation.”
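As an added example (not Radware's code or the author's), here is a small Python detector covering the two points above: a parser that measures how much data a raw IPv4/TCP SYN carries, and a per-source tally that flags SYNs whose payload is far above the header-only size a normal handshake has. The 100-byte threshold, the packet builder and the sample packets are constructed assumptions.

```python
import struct
from collections import Counter

TCP_SYN, TCP_ACK = 0x02, 0x10
# Assumed threshold: a legitimate SYN carries no data, so a payload far above
# the 40-60 byte header-only size (the page cites ~1,000 bytes) is suspicious.
PAYLOAD_THRESHOLD = 100

def build_ipv4_syn(src, dst, payload=b"", flags=TCP_SYN):
    """Construct a raw IPv4+TCP packet (checksums zeroed) as offline test input."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, flags, 65535, 0, 0)
    return ip + tcp + payload

def parse_ipv4_tcp(pkt):
    """Return (src_ip, tcp_flags, payload_len), or None if not IPv4/TCP."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0          # IP header length incl. options
    if len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src = ".".join(str(b) for b in pkt[12:16])
    data_off = (pkt[ihl + 12] >> 4) * 4              # TCP header length incl. options
    flags = pkt[ihl + 13]
    payload_len = max(0, min(total_len, len(pkt)) - ihl - data_off)
    return src, flags, payload_len

def is_tsunami_syn(flags, payload_len, threshold=PAYLOAD_THRESHOLD):
    """True for a plain SYN (not SYN/ACK) carrying an abnormal amount of data."""
    return bool(flags & TCP_SYN and not flags & TCP_ACK and payload_len >= threshold)

def analyze(packets):
    """Per-source count of suspicious SYNs, plus total SYNs and flagged SYNs."""
    per_src, total_syn, flagged = Counter(), 0, 0
    for pkt in packets:
        src, flags, plen = parse_ipv4_tcp(pkt) or (None, 0, 0)
        if flags & TCP_SYN and not flags & TCP_ACK:
            total_syn += 1
            if is_tsunami_syn(flags, plen):
                flagged += 1
                per_src[src] += 1
    return per_src, total_syn, flagged

# Constructed sample: 3 normal SYNs, 2 Tsunami-style 1,000-byte SYNs from one
# source, and 1 SYN/ACK carrying data (a server reply, which must not be flagged).
SAMPLE = ([build_ipv4_syn("192.0.2.10", "198.51.100.1")] * 3
          + [build_ipv4_syn("203.0.113.7", "198.51.100.1", b"A" * 1000)] * 2
          + [build_ipv4_syn("192.0.2.11", "198.51.100.1", b"B" * 1000, TCP_SYN | TCP_ACK)])
```

In a real deployment the per-source counts would be compared against a learned baseline over time windows, which is where the behavioral element comes in.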
Radware experts suspect that in the coming months a growing number of DDoS attacks will be Tsunami SYN Flood attacks.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of the "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.