Someone recently decided to show me a POC of a new Denial of Service method using SYN/TCP he's figured out. I thought it was complete nonsense, but after explaining to him about SYN-SYN/ACK-RST, he left me speechless. He told me, "What if the server you're using to trick into sending the SYN/ACK packets can't receive the RST packet?"
I have no idea. He claims that the server will continue trying to send SYN/ACK packets, and that the packet rate will continue to build up.
Is there any truth to this? Can anyone elaborate?
Apparently, the way it works is this:
He spoofs the IP of the SYN packet to the target's IP.
He then sends the SYN packet to a handful of random servers.
They all reply with their SYN/ACK packet to the target IP, of course.
The target responds with RST, as we know.
BUT somehow he keeps the target from sending the RST or keeps the random servers from processing it.
With this, apparently the servers will continue trying to send the SYN/ACK packets, thus producing somewhat of a "snowball" effect.
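
Seen from the target, the pattern described in the post is a SYN/ACK for a connection the host never opened, repeated for the same sequence number even though the host answered with RST. The following detection sketch is an added example, not part of the original post; the log format, addresses, and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed packet summaries as seen at the target host (198.51.100.7),
# in chronological order. Assumed format for this example:
#   time direction src:sport dst:dport flags seq
SAMPLE = """\
0.00 out 198.51.100.7:40000 203.0.113.10:443 S 1000
0.02 in 203.0.113.10:443 198.51.100.7:40000 SA 5000
0.10 in 192.0.2.20:80 198.51.100.7:51515 SA 7000
0.10 out 198.51.100.7:51515 192.0.2.20:80 R 0
0.20 in 192.0.2.30:22 198.51.100.7:51516 SA 9000
0.20 out 198.51.100.7:51516 192.0.2.30:22 R 0
1.10 in 192.0.2.20:80 198.51.100.7:51515 SA 7000
3.10 in 192.0.2.20:80 198.51.100.7:51515 SA 7000
"""

def parse(line):
    t, direction, src, dst, flags, seq = line.split()
    return float(t), direction, src, dst, flags, int(seq)

def unsolicited_synacks(text):
    """Return {(remote, local, seq): stats} for SYN/ACKs answering no SYN we sent."""
    opened = set()  # (local, remote) endpoint pairs this host sent a SYN for
    flows = defaultdict(lambda: {"synacks": 0, "rst_sent": False, "after_rst": 0})
    for _t, direction, src, dst, flags, seq in map(parse, text.splitlines()):
        if direction == "out" and flags == "S":
            opened.add((src, dst))
        elif direction == "in" and flags == "SA" and (dst, src) not in opened:
            f = flows[(src, dst, seq)]
            f["synacks"] += 1
            if f["rst_sent"]:
                f["after_rst"] += 1  # same SYN/ACK again although we reset it
        elif direction == "out" and flags == "R":
            for key, f in flows.items():
                if key[:2] == (dst, src):
                    f["rst_sent"] = True
    return dict(flows)

def retransmitting_after_rst(flows):
    """Remote endpoints that kept sending the same SYN/ACK after our RST."""
    return sorted(k[0] for k, f in flows.items() if f["after_rst"] > 0)

if __name__ == "__main__":
    result = unsolicited_synacks(SAMPLE)
    for flow, stats in result.items():
        print(flow, stats)
    print("retransmitting after RST:", retransmitting_after_rst(result))
```

A remote endpoint listed by `retransmitting_after_rst` is one whose SYN/ACKs keep arriving after the reset, which suggests the RST is being dropped or ignored somewhere on the path.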