SYN flood + bandwidth consumption hybrid DoS attack example

Source: Internet
Author: User

A user noticed abnormal traffic before launching a new system. After capturing packets with Wireshark, the Statistics summary showed nearly 4000 packets per second with an average packet length of 991 bytes, as shown in the figure:

[Figure: Wireshark Statistics summary]

In the Conversations view, the IP conversation list shows that the source host exchanges far more packets with three addresses, 113.105.171.88, 121.12.110.60 and 121.12.110.61, than with any other address, as shown in the figure:

[Figure: Wireshark Conversations view]

Looking at the TCP conversations, the pattern is obvious: each of them sends 1024-byte messages, as shown in the figure:

[Figure: Wireshark TCP conversations]

Back in the packet list view:

[Figure: Wireshark packet list]

Almost all of the packets are SYN packets, but a normal SYN packet is only about 64 bytes on the wire and carries no application-layer data. Here each one carries 970 bytes of application-layer data, which is clearly abnormal.

Decoding these packets shows that the 970 bytes of application-layer data are entirely filled with "0", as shown in the figures:

[Figure: decoded SYN packet with 970-byte payload]

Based on the above analysis, it can be concluded that the attackers used compromised machines to send SYN flood packets, each padded with 970 bytes of application data filled with "0", at a fixed target host. Besides the SYN flood load on the server, this also consumes a large amount of bandwidth at the target's Internet egress, producing a combined denial-of-service effect.
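As an added defensive example (not part of the original write-up), the following Python script reproduces the analysis above on a constructed capture: it parses Ethernet/IPv4/TCP frames, flags SYN packets that carry a payload, notes whether that payload is a single repeated byte, and aggregates packet rate, mean frame size and per-source counts so a detection rule can fire on the pattern described. The addresses (documentation ranges), packet counts and the 0.125-second window are assumptions; the 970-byte "0" payload, which yields the 1024-byte frames the capture showed, is taken from the page.

```python
"""Detect SYN-flood packets that also carry application data (SYN flood + bandwidth hybrid)."""
import struct
from collections import defaultdict

TCP_SYN = 0x02
TCP_ACK = 0x10


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data; checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType 0x0800 (IPv4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Return (src, dst, tcp_flags, payload) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or len(ip) < total_len or total_len - ihl < 20:
        return None
    tcp = ip[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4
    return bytes_to_ip(ip[12:16]), bytes_to_ip(ip[16:20]), tcp[13], tcp[data_offset:]


def analyze(frames, duration_s):
    """Summarise a capture window: packet rate, mean frame size, per-source SYN-with-payload stats."""
    per_src = defaultdict(lambda: {"syn_payload_pkts": 0, "bytes": 0, "constant_fill": 0})
    total_bytes = 0
    for frame in frames:
        total_bytes += len(frame)
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, _dst, flags, payload = parsed
        bare_syn = bool(flags & TCP_SYN) and not (flags & TCP_ACK)
        # A legitimate connection request carries no application data,
        # so SYN + payload is the signature of the hybrid flood described above.
        if bare_syn and payload:
            stats = per_src[src]
            stats["syn_payload_pkts"] += 1
            stats["bytes"] += len(frame)
            if len(set(payload)) == 1:  # padding with one repeated byte, e.g. all "0"
                stats["constant_fill"] += 1
    n = len(frames)
    return {
        "pps": n / duration_s,
        "avg_len": total_bytes / n if n else 0.0,
        "mbps": total_bytes * 8 / duration_s / 1e6,
        "per_src": dict(per_src),
    }


def suspicious_sources(report, min_pkts=100):
    """Sources that sent at least min_pkts SYN-with-payload packets in the window."""
    return sorted(src for src, s in report["per_src"].items()
                  if s["syn_payload_pkts"] >= min_pkts)


def sample_capture():
    """Constructed capture: three flooding sources plus a little normal traffic.
    All addresses are from documentation ranges (assumed, not from the page)."""
    victim = "198.51.100.5"
    frames = []
    for src in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        for k in range(150):
            # 14 + 20 + 20 + 970 = 1024 bytes on the wire, matching the capture
            frames.append(build_frame(src, victim, 40000 + k, 80, TCP_SYN, b"0" * 970))
    for k in range(10):
        frames.append(build_frame("192.0.2.7", victim, 50000 + k, 80, TCP_SYN))
        frames.append(build_frame("192.0.2.7", victim, 50000 + k, 80, TCP_ACK,
                                  b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"))
    return frames


if __name__ == "__main__":
    report = analyze(sample_capture(), 0.125)
    print(f"{report['pps']:.0f} pps, mean frame {report['avg_len']:.0f} B, "
          f"{report['mbps']:.2f} Mbit/s")
    for src in suspicious_sources(report):
        print(src, report["per_src"][src])
```

The same check can be expressed as a Wireshark display filter (`tcp.flags.syn == 1 && tcp.flags.ack == 0 && tcp.len > 0`) to confirm the pattern in a real capture before writing a firewall or IDS rule on it.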

We have encountered and handled plenty of conventional DoS attacks before, but this clever and more efficient hybrid DoS method is rare in practice, and it is worth noting for reference.
