On Thu, 07 Aug 2025 00:16:26 +0200, Lloyd <ng2...@proton.me> wrote:
>
> I see a ton of evidence of TCP SYN+ACK reflection attacks lately, where an
> (obviously forged) stream of TCP packets - which have a source port that is
> a known service, like SSH or HTTPS, as opposed to a high-numbered port,
> hitting running services on my box. The service will happily engage and
> reply to these forged packets, at least until TCP backs off.
>
> Seems like this is a poor man's DDoS that is using my server to amplify.
>
But they must send one packet to get one packet. How does the amplify part
work here?

-- 
wbr, Kirill
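An added example, not part of the thread: one way to check a capture for the pattern described in the quoted message, counting per flow how many SYN+ACKs the server sent for each inbound SYN that came from a service-range source port and was never completed with an ACK. The `tcpdump -nn` text format, the constructed sample lines, the `analyze` function name and the 1023 port threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text format (documentation addresses).
SAMPLE = """\
12:00:00.000000 IP 198.51.100.7.443 > 203.0.113.10.22: Flags [S], seq 100, win 64240, length 0
12:00:00.000090 IP 203.0.113.10.22 > 198.51.100.7.443: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:01.020000 IP 203.0.113.10.22 > 198.51.100.7.443: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:03.040000 IP 203.0.113.10.22 > 198.51.100.7.443: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:04.000000 IP 192.0.2.55.51514 > 203.0.113.10.22: Flags [S], seq 500, win 64240, length 0
12:00:04.000080 IP 203.0.113.10.22 > 192.0.2.55.51514: Flags [S.], seq 700, ack 501, win 65160, length 0
12:00:04.030000 IP 192.0.2.55.51514 > 203.0.113.10.22: Flags [.], ack 701, win 502, length 0
"""

# src_ip.src_port > dst_ip.dst_port: Flags [..]
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def analyze(capture, local_ip, service_port_max=1023):
    """Return {(remote_ip, remote_port, local_port): counters} for suspect flows.

    A flow is suspect when the inbound SYN used a source port in the
    service range (assumed <= 1023) and no handshake-completing ACK followed.
    """
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dst == local_ip:
            key = (src, sport, dport)
            if flags == "S":
                flows[key]["syn"] += 1          # inbound connection attempt
            elif "S" not in flags and "." in flags:
                flows[key]["ack"] += 1          # peer really answered
        elif src == local_ip and flags == "S.":
            flows[(dst, dport, sport)]["synack"] += 1  # first reply + retransmits
    return {k: v for k, v in flows.items()
            if k[1] <= service_port_max and v["syn"] and not v["ack"]}

if __name__ == "__main__":
    for flow, c in analyze(SAMPLE, "203.0.113.10").items():
        print(flow, c, "SYN+ACKs per SYN:", c["synack"] / c["syn"])
```
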