Under normal circumstances, a client machine sends a SYN (synchronize) packet to the server to initiate the connection, and the server responds to that initial packet with a SYN/ACK (synchronize acknowledge) packet. The client returns an ACK packet to acknowledge receipt of the server's packet, and the TCP (Transmission Control Protocol) connection becomes open.

In a SYN attack, the attacker sends high volumes of SYN packets to the targeted server, often with spoofed IP addresses. The server responds to each connection request and leaves an open port ready to receive the response. While the server waits for the final ACK packet, which is never sent, the attacker continues to send more SYN packets, temporarily opening more port connections for a certain length of time. Once all the available ports have been utilized, the server cannot serve requests from legitimate users and can no longer function normally.

A SYN-ACK attack is a type of distributed denial of service (DDoS) attack that aims to make a competitor's target server unavailable to legitimate traffic by consuming all server resources. It exploits the handshake process of a TCP connection and can happen in three ways:

Direct attack: The attacker does not mask their IP address and thus becomes highly vulnerable to discovery and mitigation. The attacker prevents their machine from responding to the server's SYN-ACK packets, often by using firewall rules that filter out incoming SYN-ACK packets before they reach the malicious user's machine. This SYN attack method is rarely used, as mitigation is fairly straightforward.

Spoofed attack: The attacker spoofs the IP address on each SYN packet they send to inhibit mitigation efforts, making the attack difficult to discover.

DDoS attack: A botnet is used to launch this attack. The attacker may also have each distributed device spoof the IP address from which the packets are sent.

Which businesses are more prone to DDoS attacks?

A SYN attack is carried out to create a DDoS condition on the target device. The goal of DDoS attacks is to disrupt application performance or availability, but the attack vectors can vary. A DDoS attack can be launched by a competitor, who may even hire professional hackers to launch it, knowing that it will impact not only your website but also your business. Some sites are more prone to DDoS attacks due to the nature of their content, such as whistleblower websites or those dealing with controversial issues such as anti-racism or abortion.

DDoS attacks are the leading cause of downtime for apps, websites and services. They are becoming increasingly sophisticated and cannot be handled by on-premises security appliances. The risk of DDoS has never been greater, as organizations have encountered a deluge of DDoS extortion. Without the right DDoS protection, even a robust, modern network will collapse under an assault of high magnitude.

Mitigating DDoS risks with industry-leading technology

In the wake of heightened operational risk, a proven DDoS mitigation strategy is imperative for online businesses to thrive. To mitigate DDoS risk, organizations must implement Cybersecurity and Infrastructure Security Agency (CISA) recommendations and review critical subnets and IP spaces to ensure that they have mitigation controls in place. Organizations should deploy DDoS protection and security controls in an "always on" mitigation posture as a first layer of defense to prevent emergency integration scenarios.

To thwart the attack, Akamai's Prolexic DDoS protection employs an industry-leading combination of technology, people and processes to pre-mitigate the assault with no collateral damage, thanks to its proactive defense posture. The platform has a dedicated defense capacity that scales to several times the size of the largest publicly reported attacks.

Contact: https://www.akamai.com/
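
The handshake and SYN attack described at the start of this page can be watched for on the server side. The following is an added example, not part of the original page: a small Python detector that replays inbound TCP packets and counts handshakes still waiting for the final ACK per service, keyed on the destination because spoofed addresses keep per-source counts low. The packet tuple layout, the 30-second timeout and the threshold of 100 are assumptions, and the capture is constructed.

```python
from collections import Counter, defaultdict

def half_open_peaks(packets, timeout=30.0):
    """Peak count of handshakes stuck after SYN, per (dst_ip, dst_port)."""
    pending = {}   # (src, sport, dst, dport) -> time the SYN arrived
    peaks = defaultdict(int)
    for ts, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        # Forget entries the server would already have timed out (assumed timeout).
        for key in [k for k, t in pending.items() if ts - t > timeout]:
            del pending[key]
        key = (src, sport, dst, dport)
        if flags == "S":             # client SYN: server replies SYN/ACK and waits
            pending[key] = ts
        elif flags in ("A", "R"):    # final ACK completes it, RST abandons it
            pending.pop(key, None)
        for svc, n in Counter((d, p) for _, _, d, p in pending).items():
            peaks[svc] = max(peaks[svc], n)
    return dict(peaks)

def flag_syn_flood(packets, threshold=100, timeout=30.0):
    """Services whose half-open backlog reached the (assumed) threshold."""
    peaks = half_open_peaks(packets, timeout)
    return sorted(svc for svc, n in peaks.items() if n >= threshold)

def max_syns_per_source(packets):
    """Largest SYN count from any single source address."""
    return max(Counter(p[1] for p in packets if p[5] == "S").values())

def sample_capture():
    """Constructed inbound packets (documentation address ranges, not real traffic)."""
    pkts = []
    for i in range(20):    # legitimate clients: SYN, then the final ACK 50 ms later
        src = f"203.0.113.{i + 1}"
        pkts.append((i * 0.5, src, 40000 + i, "192.0.2.10", 443, "S"))
        pkts.append((i * 0.5 + 0.05, src, 40000 + i, "192.0.2.10", 443, "A"))
    for i in range(500):   # flood: spoofed sources, final ACK never arrives
        src = f"198.51.100.{i % 254 + 1}"
        pkts.append((5 + i * 0.01, src, 1024 + i, "192.0.2.10", 80, "S"))
    return pkts

if __name__ == "__main__":
    capture = sample_capture()
    print(half_open_peaks(capture))      # backlog per service
    print(flag_syn_flood(capture))       # services over the threshold
    print(max_syns_per_source(capture))  # why per-source limits miss spoofed floods
```

On the constructed capture the flooded service is flagged while no single source sends more than a couple of SYNs, which is why the backlog per service is the more useful signal when addresses are spoofed.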