TCP STOMP ACKPSH Flood

yukı edited this page Sep 7, 2023 · 3 revisions

Introduction:

The TCP STOMP (Synchronized Transmission of Overwhelming Massive Packets) or ACK PSH (Acknowledgment Push) attack is a form of Denial of Service (DoS) attack that targets the TCP protocol by flooding a victim server or network with an excessive number of ACK and PSH packets. The attack abuses TCP's acknowledgment and push mechanisms, causing resource exhaustion and rendering the system unresponsive to legitimate traffic. This page explains how TCP STOMP/ACK PSH attacks work, what their implications are, and how they can be mitigated.

Understanding TCP STOMP/ACK PSH Attacks:

TCP uses the ACK (acknowledgment) flag to confirm the receipt of data and the PSH (push) flag to ask that data be delivered to the receiving application immediately. TCP STOMP/ACK PSH attacks abuse both mechanisms by flooding the victim server with packets that have ACK and PSH set, creating a substantial load on the system.

During a TCP STOMP/ACK PSH attack, the attacker floods the victim server with a massive volume of spoofed or randomly generated ACK and PSH packets. The server allocates resources to handle the incoming packets, including memory, processing power, and network bandwidth. The overwhelming volume of packets consumes these resources, leading to performance degradation, service disruptions, or complete unavailability.

Implications of TCP STOMP/ACK PSH Attacks:

TCP STOMP/ACK PSH attacks can have severe consequences for targeted systems and networks, including:

  • Denial of Service (DoS): The flood of ACK and PSH packets overwhelms the victim server, depleting its resources and causing a denial of service for legitimate users. This disrupts critical services, leading to financial losses, customer dissatisfaction, and reputational damage.

  • Resource Exhaustion: TCP STOMP/ACK PSH attacks consume substantial server resources, including memory, CPU cycles, and network bandwidth. The high load imposed by the flood of packets can lead to system instability, crashes, or unresponsiveness.

  • Application Disruption: The excessive volume of PSH packets in TCP STOMP/ACK PSH attacks can disrupt the delivery of data to the receiving application. This can lead to application malfunctions, data corruption, or inability to process legitimate requests.

How the script deals with that:

  • Rate-Limit. [Optional]
  • Stateful Packet Inspection.
  • Anti-Spoofing.
  • Other methods.
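
A minimal model of the stateful packet inspection and per-flow rate limit listed above, added here as an illustration; it is not the script's own code. The class name, thresholds, verdict strings and sample packets are assumptions, and real connection tracking also validates sequence numbers and timeouts.

```python
from collections import defaultdict, deque

SYN, PSH, ACK = 0x02, 0x08, 0x10   # TCP flag bits

class StatefulFilter:
    """Pass ACK/PSH only on flows that opened with a SYN, then rate-limit PSH."""
    def __init__(self, max_push=3, window=1.0):
        self.flows = {}                    # 4-tuple -> "SYN_RCVD" | "ESTABLISHED"
        self.max_push = max_push           # accepted PSH segments per flow per window
        self.window = window               # sliding window length in seconds
        self.recent = defaultdict(deque)   # 4-tuple -> timestamps of accepted PSH

    def inspect(self, ts, src, sport, dst, dport, flags):
        flow = (src, sport, dst, dport)
        if flags == SYN:                   # new connection attempt: create state
            self.flows[flow] = "SYN_RCVD"
            return "accept"
        if flow not in self.flows or not flags & ACK:
            return "drop-invalid"          # ACK/PSH with no handshake behind it
        self.flows[flow] = "ESTABLISHED"   # first ACK completes the handshake
        if flags & PSH:
            q = self.recent[flow]
            while q and ts - q[0] >= self.window:
                q.popleft()                # forget PSH segments outside the window
            if len(q) >= self.max_push:
                return "drop-rate"
            q.append(ts)
        return "accept"

# Constructed sample traffic (documentation address ranges), not captured data.
LEGIT = ("198.51.100.7", 40000, "203.0.113.10", 443)
PACKETS = [
    (0.00, *LEGIT, SYN),
    (0.01, *LEGIT, ACK),
    (0.02, *LEGIT, ACK | PSH),
    (0.03, "192.0.2.55", 1111, "203.0.113.10", 443, ACK | PSH),  # no prior SYN
    (0.04, "192.0.2.99", 2222, "203.0.113.10", 443, ACK | PSH),  # no prior SYN
    (0.05, *LEGIT, ACK | PSH),
    (0.06, *LEGIT, ACK | PSH),
    (0.07, *LEGIT, ACK | PSH),   # fourth PSH inside one window
    (1.50, *LEGIT, ACK | PSH),   # window has expired
]

def run(packets):
    f = StatefulFilter()
    return [f.inspect(*p) for p in packets]

if __name__ == "__main__":
    print(run(PACKETS))
```

Out-of-state ACK/PSH segments are rejected before any per-flow accounting is done, so spoofed sources never create entries in the rate-limit table.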