SYN-Flooding Smartphones

Prolexic just released a report saying that for the quarter (Q2/12), application-layer DDoS attacks have declined as a percentage of all DDoS attacks. That’s not necessarily good news – both L4 and L7 attacks are on the rise, but the former are just growing faster. Prolexic conjectures that the decline may be because layer DDoS 7 attacks are more difficult to cloak, making attack participation traceable by the authorities.

If layer 4 attacks such as the SYN-flood never really went out of style, it’s because they’re still effective – see earlier post on the mechanics and countermeasures.

One interesting place that SYN-floods get seen is in the core network of mobile service providers. It might surprise one to know that some service providers allow IPv4 traffic originating from the Internet all the way to through to the smartphones. There are legitimate reasons for allowing this traffic, but a side-effect is that SYN-floods get through, too.

Earlier this year, with the help of some field engineers, I put together an article describing the interesting effects of L4 attacks through the mobile core networks and it was just published by Converge Network Digest.

Check it out to see what happens when a group of smart phones gets targeted by a SYN-flood.


Published Jul 23, 2012
Version 1.0

Was this article helpful?

No CommentsBe the first to comment