ACK Flood Attack
Attacks in this category abuse ACK network protocol properties. In practice, ACK or PUSH ACK packets are used as soon as a TCP-SYN connection is established between the guest server and the client. These packets provide communication over the duration of the session between the two parties, until the session is closed. During an ACK Flood attack, a large number of scattered ACK packets are dropped on the server not related to any currently open session. As a result, system resources are depleted to evaluate incoming packets and consequently reduce performance or cause a complete crash.
A variation of an ACK Flood Attack is a Fragmented ACK Attack. This type of attack uses packets of a size of 1500 bytes to overload a relatively high bandwidth. Due to the fact that these packets usually go through routers, ACL, firewalls and IDS/IPS without hindrance, an attacker can easily exhaust the entire capacity of the access line. Fragmented ACK attacks affect the operation and performance of all servers in the victim’s network.