Kirill A. Korinsky wrote:
> But they must send one packet to get one packet.
>
> How does the amplify part work here?

It exploits the three-way handshake: when you don't get an ACK back for your SYN-ACK to the forged SYN, you will send a TCP retransmission. So, e.g., if the attacker floods you with SYN packets and uses you as a reflector, they may get some small amplification (maybe 2:1), depending on the OS setting (number of SYN-ACK retries). I am looking for a way to detect forged SYN packets and drop them if possible.
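
An added example, not part of the thread: one heuristic for spotting the reflection pattern described above from the server side, by counting SYNs, SYN-ACKs (including retransmissions) and completed handshakes per claimed source. The packet tuples, addresses and the `min_syn` threshold are constructed for illustration; a source that never completes a handshake may also simply be unreachable, so this flags candidates rather than proving forgery.

```python
from collections import defaultdict

SERVER = "192.0.2.10"
# Constructed sample as seen at the server: (time_s, src, sport, dst, dport, flags)
PACKETS = [
    (0.0, "203.0.113.5", 40000, SERVER, 443, "S"),
    (0.0, SERVER, 443, "203.0.113.5", 40000, "SA"),
    (0.1, "203.0.113.5", 40000, SERVER, 443, "A"),   # handshake completed
    (1.0, "198.51.100.7", 50001, SERVER, 443, "S"),
    (1.0, SERVER, 443, "198.51.100.7", 50001, "SA"),
    (1.2, "198.51.100.7", 50002, SERVER, 443, "S"),
    (1.2, SERVER, 443, "198.51.100.7", 50002, "SA"),
    (2.0, SERVER, 443, "198.51.100.7", 50001, "SA"),  # retransmission, no ACK seen
    (2.2, SERVER, 443, "198.51.100.7", 50002, "SA"),  # retransmission, no ACK seen
]

def handshake_stats(packets, server):
    """Per claimed client IP: SYNs received, SYN-ACKs sent, handshakes completed."""
    stats = defaultdict(lambda: {"syn": 0, "synack": 0, "completed": 0})
    half_open = set()  # (client_ip, client_port, server_port) awaiting the final ACK
    for _t, src, sport, dst, dport, flags in packets:
        if dst == server and flags == "S":
            stats[src]["syn"] += 1
            half_open.add((src, sport, dport))
        elif src == server and flags == "SA":
            stats[dst]["synack"] += 1
        elif dst == server and flags == "A" and (src, sport, dport) in half_open:
            half_open.discard((src, sport, dport))
            stats[src]["completed"] += 1
    return dict(stats)

def suspects(stats, min_syn=2):
    """Sources with several SYNs and no completed handshake, mapped to the
    SYN-ACK:SYN packet ratio the server is reflecting toward them."""
    return {
        ip: s["synack"] / s["syn"]
        for ip, s in stats.items()
        if s["syn"] >= min_syn and s["completed"] == 0
    }

if __name__ == "__main__":
    for ip, ratio in suspects(handshake_stats(PACKETS, SERVER)).items():
        print(f"{ip}: no completed handshakes, reflecting {ratio:.1f} SYN-ACKs per SYN")
```

On Linux, the retry count the reply refers to is the `net.ipv4.tcp_synack_retries` sysctl; lowering it reduces the ratio this check reports.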