syn-flood ddos make them even more powerful against ISP's

new technique of adding content to DDOS attacks makes them even more overwhelming making it possible to attack ISP's

“Normally the SYN package is a simple handshake mechanism with a very low data footprint,” Adrian Crawley, Radware regional director for the UK, said. “It appears that hackers have found a way to add content to it – up to 1,000 bytes, or 25 times more data per handshake. This is allowed based on TCP RFC, but it is not common practice simply to avoid latency during the initial handshake. But because it is allowed by RFC, hackers can add data – this could be any random data – to the application which requested the initial SYN handshake.”

the article has even more interesting information

we have heard that before : because it isn't prohibited by the RFC it is allowed which is not the way one should read those, these are guidelines to be followed, not to be interpreted

The comments are closed.