Mitigating TCP SYN Floods

UNDER ATTACK?
2022 1HY Report_Cover-2-1

In the first half of 2022, the total attack count and average attack size increased by 75.60% and decreased by 55.97% respectively compared to the figures recorded in the second half of 2021.  Learn More

Nexusguard Blog

Cybersecurity best practices and DDoS defence strategies

Latest Stories

Nexusguard Product Nexusguard Product
Mar 06, 2023

The Killnet Botnet: A Threat to Healthcare and Banking Sectors

Nexusguard Product Nexusguard Product
Feb 16, 2023

Protecting against SIP Flood Attacks

Nexusguard Product Nexusguard Product
Jan 31, 2023

Protecting against SSL/TLS Flood Attacks

Featured Stories

Blog Home
Nexusguard Product
By
January 14, 2020

Mitigating TCP SYN floods

  DDoS DDoS Threat Report TCP SYN flood DNSSEC

On the Nexusguard platform, you can configure protection from TCP SYN flood attacks. The mechanism works like this: When a client sends a connection request (SYN segment) to the host, the platform intercepts the SYN segment and responds to the client with a SYN/ACK segment. The platform waits the specified timeout period for the return ACK from the client to complete the TCP handshake. 

 

If the platform does not receive a return ACK during the timeout period, it drops the packet. If the platform receives a return ACK, indicating that the client is legitimate and is not spoofed, it establishes a connection with the requested server and forwards the original connection request. 

blog_images-02

As a second layer of defence, the platform can be configured to limit the number of embryonic (half-open) connections. When the embryonic connection threshold of a connection is crossed, the platform acts as a proxy for the server and generates a SYN-ACK response to the client’s SYN request using the SYN cookie method. When the platform receives an ACK back from the client, it can then authenticate that the client is real and allow the connection to the backend server. 

 

Last but not the least, Nexusguard’s mitigation platform employs global BGP Anycast to disperse and mitigate attack traffic across the global scrubbing network, ensuring extreme resilience and low latency during attack time.

Popular Stories

VAPT on Static Website Aug 26, 2019
Torshammer: A Tool with Slow-rate DDoS Impact on Apache Servers Oct 22, 2014
Preventing Slow HTTP Attacks Nov 08, 2021

If the platform does not receive a return ACK during the timeout period, it drops the packet. If the platform receives a return ACK, indicating that the client is legitimate and is not spoofed, it establishes a connection with the requested server and forwards the original connection request.



Related articles

COVID-19 pandemic causing the most significant increase in DDoS attacks ever

How Vietnam networks unwittingly expose themselves to IoT botnet exploits

Communications Service Providers (CSPs) are being brought to their knees by “Bit-and-Piece” attacks that fly under the radar

SOLUTIONS
PRODUCTS & SERVICES
PARTNERS
ACADEMY
RESOURCES
ABOUT US

© 2023 Nexusguard - All Rights Reserved. Read Our Privacy Policy.