Tsunami SYN Flood Attack – A New Trend in DDoS Attacks?

By: Radware
 
Oct. 13, 2014 - PRLog -- Please find below an alert issued by Radware regarding an entirely new type of cyber attack that has been detected by the company’s Emergency Response Team (ERT). Radware has named this new volumetric flood the Tsunami SYN Flood Attack due to its rapid speed and volume, which have the potential to challenge the vast majority of current security solutions.

Radware has issued an ERT Threat Alert, which is summarised below. Further details are in the full threat alert and the alert is supported by a blog post, which includes recommendations on preventative measures that can be taken.

Read Radware’s ERT Threat Alert (http://security.radware.com/SiteCode/Templates/template_1_1_2%282x1%29_1.aspx?pageid=105&id=628)

Read Radware’s blog post (http://blog.radware.com/security/2014/10/tsunami-syn-flood-attack/)

Tsunami SYN Flood Attack – A New Trend in DDoS Attacks?

Over the past week Radware’s Emergency Response Team (ERT) detected a new type of SYN Flood which is believed to have been designed to overcome most of today’s security defences with a TCP-based volume attack. Radware’s ERT identified two of these new attacks within a 48-hour period on two different targets in two different continents – both have experienced very high attack volumes.

This new type of attack has the ability to saturate the Internet pipe of its victim faster than most attack types we’ve witnessed before. We have aptly named this new volumetric flood “Tsunami SYN Flood Attack”.

Packets in this new SYN Flood are extremely different to a normal SYN packet: each is approximately 1000 bytes in size, and the attack can hit an entire network range. Attacks with these dimensions quickly consume bandwidth, and thus far even these modestly timed attacks were witnessed with pulses of about 4-5Gbps in attack traffic.
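The trait described above (SYN packets of roughly 1000 bytes spread across many destinations) can be checked for in captured traffic. The following is an added example for defenders, not code from Radware or its alert: the function names, the 64-byte payload threshold and the sample packets are all assumptions constructed here.

```python
import struct
from ipaddress import IPv4Address

SYN, ACK = 0x02, 0x10
MAX_SYN_PAYLOAD = 64  # assumed threshold; normal SYNs carry no data (TCP Fast Open may)

def parse_syn(pkt: bytes):
    """Return (dst_ip, ip_total_len, tcp_payload_len) for a pure SYN, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4 carrying TCP only
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    data_off = (pkt[ihl + 12] >> 4) * 4
    flags = pkt[ihl + 13]
    if data_off < 20 or not (flags & SYN) or (flags & ACK):
        return None  # malformed header, or not an initial SYN
    payload = total_len - ihl - data_off
    return (IPv4Address(pkt[16:20]), total_len, payload) if payload >= 0 else None

def summarize(packets):
    """Count oversized SYNs, the bytes they carry, and how many targets they hit."""
    hits, volume, targets = 0, 0, set()
    for pkt in packets:
        parsed = parse_syn(pkt)
        if parsed and parsed[2] > MAX_SYN_PAYLOAD:
            hits += 1
            volume += parsed[1]
            targets.add(parsed[0])
    return {"oversized_syns": hits, "bytes": volume, "distinct_targets": len(targets)}

def build(dst: str, flags: int, payload_len: int) -> bytes:
    """Constructed in-memory test packet: 20-byte IPv4 + 20-byte TCP header + padding."""
    total = 40 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     IPv4Address("198.51.100.7").packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + b"\x00" * payload_len

# Constructed sample using documentation address ranges only.
SAMPLE = ([build(f"192.0.2.{i}", SYN, 960) for i in range(1, 6)]  # 1000-byte SYNs
          + [build("192.0.2.1", SYN, 0),         # ordinary SYN, not flagged
             build("192.0.2.1", SYN | ACK, 0),   # SYN-ACK, ignored
             build("192.0.2.2", ACK, 960)])      # data segment, ignored

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A rising count of oversized SYNs across many distinct targets is the signal to act on; the threshold should be tuned to the site's own baseline.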

Radware’s ERT recommends that organisations verify that their mitigation solution can block the Tsunami SYN Flood Attack. Early detection is key and most typical TCP-based SYN cookie-type protections are not effective. Here are a few key areas to consider in this case:

1.     Behavioural algorithms are key in both detecting and mitigating these threats. Not having an early behavioural detection capability on premise will render the application stack and most modern defences useless against this new attack weapon.

2.     A hybrid model of cloud and on-premise mitigation is the most effective and sound solution. Since this is a volumetric attack that can have pulse characteristics, a targeted victim will need fast, high-quality detection coordinated with cloud scrubbing mitigation capability to prevent Internet pipe saturation.

3.     An updated emergency response plan is key to dealing with security attacks when they occur. Make sure you have one in place, that it’s updated and that your team knows what they need to do when an attack is detected.

This is the first time we’ve seen this new type of attack that we feel could become a new trend in Distributed Denial of Service (DDoS) attacks. One can surmise that the attacks which were witnessed may have been “exploratory”, in order to “fine-tune” the concept and evaluate the effectiveness of deployed defences.

Companies wishing to test the effectiveness of this new type of SYN Flood should contact Radware’s ERT (http://www.radware.com/support/?utm_source=radware&ut...) to see if their deployed resources can handle this type of attack.
End
Source:Radware
Tags:Radware, Cyber, Syn
Industry:Computers, Technology
Location:England