Tsunami SYN Flood Attack – A New Trend in DDoS Attacks?

By: Radware

Radware has issued an ERT Threat Alert, which is summarised below. Further details are in the full threat alert, and the alert is supported by a blog post, which includes recommendations on preventative measures that can be taken.

Read Radware’s ERT Threat Alert: http://security.radware.com/
Read Radware’s blog post: http://blog.radware.com/

Over the past week Radware’s Emergency Response Team (ERT) detected a new type of SYN Flood which is believed to have been designed to overcome most of today’s security defences with a TCP-based volume attack. Radware’s ERT identified two of these new attacks within a 48-hour period on two different targets in two different continents; both experienced very high attack volumes.

This new type of attack has the ability to saturate the Internet pipe of its victim faster than most attack types we’ve witnessed beforehand. We have aptly named this new volumetric flood “Tsunami SYN Flood Attack”.

The packets in this new SYN Flood differ markedly from a normal SYN packet: each is approximately 1000 bytes in size, and the attack can hit an entire network range. Attacks with these dimensions quickly consume bandwidth, and thus far even these modestly timed attacks were witnessed with pulses of about 4-5Gbps in attack traffic.

Radware’s ERT recommends that organisations verify that their mitigation solution can block the Tsunami SYN Flood Attack. Early detection is key, and most typical TCP-based SYN cookie-type protections are not effective. Here are a few key areas to consider in this case:

1. Behavioural algorithms are key in both detecting and mitigating these threats. Not having an early behavioural detection capability on premise will render the application stack and most modern defences useless against this new attack weapon.

2. A hybrid model of cloud and on-premise mitigation is the most effective and sound solution. Since this is a volumetric attack that can have pulse characteristics to it, a targeted victim will need fast and high quality detection coordinated with cloud scrubbing mitigation capability to prevent Internet pipe saturation.

3. An updated emergency response plan is key to dealing with security attacks when they occur. Make sure you have one in place, that it’s updated and that your team knows what they need to do when an attack is detected.

This is the first time we’ve seen this new type of attack, which we feel could become a new trend in Distributed Denial of Service (DDoS) attacks. One can surmise that the attacks which were witnessed may have been “exploratory”.

Companies wishing to test the effectiveness of this new type of SYN Flood should contact Radware’s ERT: http://www.radware.com/
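As an added illustration (not part of Radware’s alert and not Radware’s detection logic), the Python sketch below flags the traffic profile described above: SYN packets far larger than a normal, payload-free SYN, spread across many destination addresses. The 512-byte threshold, the function names and the sample packets are assumptions constructed for this example.

```python
import socket
import struct
from collections import Counter

SYN, ACK = 0x02, 0x10
SIZE_THRESHOLD = 512  # assumed cut-off in bytes; a normal SYN carries no payload

def build_packet(src, dst, flags, payload_len):
    """Constructed sample: IPv4 + TCP headers (checksums left at 0) plus padding."""
    total = 40 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp + b"\x00" * payload_len

def parse_syn(pkt):
    """Return (dst_ip, total_len, payload_len) for a pure SYN, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None  # not IPv4/TCP
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or len(pkt) < ihl + 20:
        return None  # truncated or malformed header
    data_off = (pkt[ihl + 12] >> 4) * 4
    flags = pkt[ihl + 13]
    if not flags & SYN or flags & ACK:
        return None  # skip SYN-ACKs and established-flow segments
    return socket.inet_ntoa(pkt[16:20]), total, total - ihl - data_off

def tsunami_report(packets, threshold=SIZE_THRESHOLD):
    """Summarise oversized SYNs and how many destinations they touch."""
    syns = [s for s in map(parse_syn, packets) if s]
    big = [s for s in syns if s[1] >= threshold]
    return {
        "syn": len(syns),
        "oversized_syn": len(big),
        "oversized_bytes": sum(s[1] for s in big),
        "targets": Counter(s[0] for s in big),
    }

# Constructed capture: two ordinary SYNs, one large data segment, and
# 1000-byte SYNs spread across a /24 (documentation address ranges).
SAMPLE = [build_packet("198.51.100.7", "203.0.113.10", SYN, 0),
          build_packet("198.51.100.8", "203.0.113.10", SYN, 0),
          build_packet("198.51.100.7", "203.0.113.10", ACK, 960)]
SAMPLE += [build_packet("192.0.2.%d" % i, "203.0.113.%d" % i, SYN, 960)
           for i in range(1, 21)]

if __name__ == "__main__":
    print(tsunami_report(SAMPLE))
```

A high share of oversized SYNs combined with a wide spread of destination addresses matches the described pattern; the large ACK segment in the sample is ignored because it is not a SYN.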