The internet is not a place where trends tend to endure. What got a thousand likes on Instagram last week can easily become a scroll-past this week, and even the most successful social media influencers will eventually have to get a real job.
However, there are some glaring exceptions to the here-today-gone-tomorrow nature of the internet. Unfortunately, instead of things like bacon being shoehorned into every recipe and
A most impolite handshake
As mentioned above,
In a standard TCP handshake, a user’s browser sends a synchronize (SYN) request to the website server, the server responds with an acknowledgment of the synchronize request (SYN-ACK), and, to complete the connection, the browser sends back an acknowledgment of its own (ACK). Every time the server sends
The more you think about it, the more it seems like there should be a way to stop attackers from fiddling with the TCP handshake, doesn’t it? You’re right.
There are four ways for the administrator of a server to prevent SYN
1. Keep your server from allocating memory until the ACK is received
To do this, use SYN cookies: the server sends the SYN-ACK with a sequence number composed of unique identifying information. For a legitimate connection, the browser’s ACK will include that sequence number. Only then will the server open a port or allocate any memory to a connection.
2. Keep your server from going all-in on every attempted connection
Using micro blocks, you can keep your server from allocating a complete connection object in its memory every time
3. Make the browser work for the connection
Set your server to intentionally reply to all first requests from any given browser with an invalid SYN-ACK, forcing the browser to reply with an RST packet indicating that something is wrong. Only a browser trying to make a legitimate connection would reply with such a packet, so the server can then accept current and future connections.
4. Tweak the stack for a temporary solution
5. Get professional DDoS protection
All of the above options are effective and can help to reduce the effects of
If you don’t want to be bothered with SYN cookies or micro blocks, or with fretting over how much bandwidth your network has available and how much it will cost if an attack eats that bandwidth, you can just get cloud-based DDoS mitigation capable of stopping any and all DDoS attacks. This very much includes SYN floods, the attack type that mitigation services have had decades to practice dealing with.
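Option 1 above (SYN cookies), sketched as an added example that is not part of the original article: the server packs a coarse time counter, an MSS index and a keyed hash of the connection's addresses and ports into the SYN-ACK sequence number, then recomputes and checks it when the ACK arrives, so nothing is stored per half-open connection. The 5/3/24-bit layout follows the classic SYN cookie design; the secret, MSS table, timing constants and function names are assumptions for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real server uses a random, rotated key
MSS_TABLE = [536, 1220, 1440, 1460]  # assumed table; only the index fits in the cookie
COUNTER_PERIOD = 64                  # seconds per time-counter tick (assumed)
MAX_AGE_TICKS = 2                    # accept cookies at most this many ticks old (assumed)

def _mac24(src, sport, dst, dport, client_isn, tick):
    """24-bit keyed hash binding the cookie to one connection attempt and one tick."""
    msg = f"{src}|{sport}|{dst}|{dport}".encode() + struct.pack("!II", client_isn, tick)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Build the SYN-ACK sequence number. The server keeps no state after sending it."""
    tick = int(now) // COUNTER_PERIOD
    # Largest table entry not above the client's MSS (index 0 as the floor).
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss or i == 0)
    mac = _mac24(src, sport, dst, dport, client_isn, tick)
    return ((tick % 32) << 27) | (mss_idx << 24) | mac

def check_cookie(src, sport, dst, dport, client_isn, ack_number, now):
    """Validate the final ACK; return the MSS to use, or None to drop the segment.

    client_isn is recovered from the ACK segment itself (its sequence number minus 1).
    """
    cookie = (ack_number - 1) & 0xFFFFFFFF  # the client acknowledges cookie + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) // COUNTER_PERIOD
    for age in range(MAX_AGE_TICKS + 1):
        tick = current - age
        if tick % 32 != cookie >> 27:
            continue  # time bits do not match this recent tick
        expected = _mac24(src, sport, dst, dport, client_isn, tick)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]  # only now would a connection object be allocated
    return None
```

A SYN from a spoofed source never produces a matching ACK, because the sender never sees the SYN-ACK that carries the cookie.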