Security Glossary: DDoS

Null Connection Flood Attack

What is a Null Connection Flood Attack?

A Null Connection Flood Attack is a type of Distributed Denial of Service (DDoS) attack. In this attack, the attacker floods a target server with TCP packets that have no flags set, also known as “null” packets. Unlike ordinary TCP traffic, which carries flags such as SYN, ACK, or FIN to manage connections, null packets contain no such information, so they appear as incomplete or malformed connections. The goal of the attack is to overwhelm the server’s resources by forcing it to process and respond to these abnormal packets, which disrupts legitimate traffic and can cause service outages. The attack takes advantage of the server’s need to analyze each incoming packet, leading to resource exhaustion and denial of service for legitimate users.

Null Connection Flood Attack Principle

A null connection flood establishes connections without sending any data, aiming to exhaust the server’s process and connection resources. By filling the server with half-open connections, the attack consumes processing power and connection capacity, leading to service disruption and denying access to legitimate users.

[Figure: Null Connection Flood Attack_01]

The image above shows that the source IP of a null connection attack is genuine (not spoofed), because the TCP three-way handshake must be completed to establish the connection.

Protecting Against Null Connection Flood Attacks

The DPDK FW proxies the three-way handshake. After the handshake succeeds, it waits for the client to send the next (data) packet before forwarding the connection to the backend, thereby protecting the backend business servers.

[Figure: Null Connection Flood Attack-02]

This approach ensures that only legitimate, fully established connections that actually send data are passed through, adding a layer of protection for the backend servers against attacks such as SYN floods and other malicious traffic that would otherwise exploit the handshake process. The illegitimate traffic is filtered out at the proxy, safeguarding the backend servers and maintaining the availability of the business services they support.
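As an added example (not part of this glossary page and not the DPDK FW’s own code), the following Python simulates the proxy behaviour described above: the proxy completes the handshake itself, a connection is handed to the backend only when the client’s first data packet arrives, and connections that stay empty past an idle timeout are torn down and counted per source IP so that null-connection flood sources can be identified. The timeout, the threshold, the event format and the sample addresses are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed values (not from the page): how long a completed handshake may sit
# with no payload before it is torn down, and how many such empty connections
# from one source IP are treated as a flood.
NULL_IDLE_TIMEOUT = 5.0  # seconds
FLOOD_THRESHOLD = 3

@dataclass
class ProxyState:
    pending: dict = field(default_factory=dict)    # (src, sport) -> handshake time
    forwarded: list = field(default_factory=list)  # connections handed to backend
    expired: list = field(default_factory=list)    # null connections torn down
    null_per_source: dict = field(default_factory=lambda: defaultdict(int))

def expire_idle(state, now):
    """Tear down handshake-complete connections that sent no data in time."""
    for key, t0 in list(state.pending.items()):
        if now - t0 >= NULL_IDLE_TIMEOUT:
            del state.pending[key]
            state.expired.append(key)
            state.null_per_source[key[0]] += 1

def handshake_proxy(events):
    """events: (time, src_ip, src_port, kind). kind is 'established' once the
    proxy finished the three-way handshake, 'data' for the first payload.
    The backend is contacted only when a connection reaches 'data'."""
    state = ProxyState()
    for now, src, sport, kind in events:
        expire_idle(state, now)
        key = (src, sport)
        if kind == "established":
            state.pending[key] = now  # backend not yet involved
        elif kind == "data" and key in state.pending:
            del state.pending[key]
            state.forwarded.append(key)  # proxy now opens the backend connection
    return state

def flood_sources(state):
    """Source IPs whose count of empty connections reached the threshold."""
    return sorted(s for s, n in state.null_per_source.items() if n >= FLOOD_THRESHOLD)

# Constructed sample: one client that sends data, one that only completes
# handshakes and then stays silent (the null-connection pattern).
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", 40001, "established"), (0.2, "198.51.100.7", 40001, "data"),
    (1.0, "203.0.113.9", 50001, "established"), (1.1, "203.0.113.9", 50002, "established"),
    (1.2, "203.0.113.9", 50003, "established"),
    (2.0, "198.51.100.7", 40002, "established"), (2.5, "198.51.100.7", 40002, "data"),
    (9.0, "198.51.100.7", 40003, "established"), (9.1, "198.51.100.7", 40003, "data"),
]
```

Running `handshake_proxy(SAMPLE_EVENTS)` forwards only the three data-bearing connections from 198.51.100.7, expires the three silent ones, and `flood_sources` reports 203.0.113.9.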