As reported by Akamai, in October 2015 the XOR.DDoS botnet alone was able to hit one of their customers with a DNS Flood of 30 million queries per second, combined with a SYN Flood attack of 140 Gbps.
A SYN flood attack is a type of DDoS attack that sends a large number of spoofed SYN attack packets to the server, wherein the three-way handshake of the TCP connection remains incomplete.
The incidents involving smurf attacks are proven in this situation and SYN flood attacks because these connections are requests to produce a massive spur of return packets to the source IP, and also it often causes a similar track to the source and the destination IP.
For example, if SYN flood attacks are detected by the defense application, the controller modifies switch rules to redirect the suspected flow onto the control plane to filter out malicious packets from normal ones.
There are many types of attacks, such as the SYN flood attack, ACK flood attack, IP Fragmentation, Distributed Reflected Denial of Service, Teardrop attack and Smurf attack, associated with the denial of service, which are created using TCP vulnerabilities.
Bi-directional network latency of UDP packets is measured under three test conditions: with no load, with 500 Mbps of HTTP traffic (or half the rated load of the device if this is less than 1 Gbps), and while the device is under a heavy SYN flood attack (up to 10% of the rated throughput of the sensor).
The authors in  evaluated two anomaly detection algorithms (an adaptive threshold algorithm and a CUSUM change point detection algorithm) for detecting TCP SYN flood attacks. The main goal of the research focuses on how the parameters of the algorithms and the characteristics of the attacks affect the performance of detection systems like the above.
SYN cookies are a technique used to block SYN flood attacks, by avoiding dropping connections when the SYN queue fills up.
Since then, Linux patch.2.0.30 had introduced the concept of SYN cookie protection for SYN flood attacks.
The NTP flood method went from accounting for less than 1 percent of all attacks in the prior quarter to reaching nearly the same popularity as SYN flood attacks, a perennial favourite among DDoS attackers.
-- SYN Cookies - employed to eliminate SYN queue exhaustion which might lead to connection dropping and uncompleted transactions, to successfully mitigate SYN flood attacks
The system uses anomaly detection algorithms to forecast and detect anomalies in real time, including latency-based anomalies, service-level and performance-level violations, datagram storms, resource oversubscription, SYN flood attacks and application overload.