Anatomy of a SYN-ACK attack

Overview In recent weeks, a series of DDoS attacks were directed at multiple financial institutions. The attacks utilized a seldom seen reflection vector known as TCP SYN-ACK reflection. SYN-ACK reflection isn't new, but it's rarely observed due mostly to its lack of popularity among attackers and impact on the victim. The observed attacks sparked conversations both publicly and privately amongst several organizations, including Akamai. In this write-up, we're going to