SUBSCRIBE TO
CONTINUITY BRIEFING


Business continuity news

Never miss a news story: signup for our free weekly email newsletter.

REGIONAL PORTALS
Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

Business Continuity books

In Hindsight - A compendium of Business Continuity case studies

Add to Google  

Use Google?
Click the button to add Continuity Central news to your Google home page
.

Follow us on Twitter  

Get immediate news
and information updates via our Twitter feed.

SUBMIT YOUR NEWS
To submit news stories to Continuity Central, e-mail the editor.

NEWSFEED
Want an RSS newsfeed for your website? Click here

OUR COOKIE POLICY
Before using this website ensure that you understand and accept our cookie policy. More details

How DDoS attackers can turn mitigation devices against you

Prolexic has shared information on a popular cyber attack technique, SYN reflection attacks, which can leverage the defense mechanisms of DDoS mitigation devices to increase the strength of the attacks.

SYN reflection attacks are one of the more sophisticated DDoS attack methods and typically require some skill to execute. However, they have recently grown in popularity as they’ve become available on a DDoS-as-a-Service basis via the criminal underground.

“SYN reflection attacks have been around for a long time, but new attack apps make them extremely easy to launch. Even a novice can do it,” said Stuart Scholly, President of Prolexic. “Malicious actors wrap web-based graphical user interfaces around sophisticated scripts and offer them as convenient DDoS-as-a-Service apps that you can launch from your phone.”

SYN reflection attacks are used against targets that support TCP – a core communication protocol that enables computers to transmit data over the Internet, such as web pages and email.

However, before data is transmitted between machines, the computers must establish a connection in the form of a multi-step handshake. If a handshake cannot be completed successfully, the computers repeatedly attempt connections. SYN reflection attacks misdirect these communication handshakes to other machines until they are overwhelmed with a flood of communication requests.

“What most people don’t realize is that mitigation equipment can contribute to the problem of SYN reflection attacks,” Scholly explained. “The equipment is programmed to challenge these connection requests to ensure they are legitimate. The mitigation equipment will keep challenging the request from the spoofed IP address, thus creating backscatter toward the spoofed server.

“It’s an unfortunate side effect of DDoS mitigation. Some backscatter is inevitable. However, it can be overcome using more sophisticated mitigation techniques once the attack is understood to be a SYN reflection attack,” Scholly explained. “At Prolexic, we actively try to minimize backscatter. This is why it is so important to do packet analysis, and not just rely on equipment alone.”

SYN reflection attacks, also known as spoofed SYN attacks, are discussed in detail in a new white paper from the Prolexic Security Engineering & Response Team (PLXsert). The white paper is the third in the Distributed Reflection Denial of Servicer (DrDoS series), and is available free of charge at www.prolexic.com/drdos (registration required).

•Date: 9th July 2013 • World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

BCM software

BCM software

Phoenix

Business continuity software

The Business Continuity and Resiliency Journal