ACK Attack or ACK-PUSH Flood

An ACK flood (or ACK-PUSH flood) DDoS attack disrupts communication with a server by overwhelming the targeted server with bogus TCP ACK (or ACK-PUSH) packets. Legitimate ACK packets are sent to acknowledge that a device has successfully received transmitted data.

What is ACK Attack or ACK-PUSH Flood? 

An ACK flood attack abuses the three-way TCP handshake. Often using a botnet, the threat actor sends massive volumes of empty ACK packets from spoofed IP addresses to a server, so that the packets appear to acknowledge a connection. Since each packet contains the ACK flag in the header, it appears to be legitimate. The targeted server consumes its computing power processing each ACK packet received, which leaves it unable to serve legitimate users.

Common Targets of ACK Attacks 

Firewalls and servers are the most common targets for ACK or ACK-PUSH flood attacks because they need to process every packet they receive. The attacks force firewall lookups and deplete server resources as systems try to keep up with spoofed requests. Load balancers, routers, and switches are not targeted by these attacks. 

How to Detect and Mitigate ACK Attacks 

Slow network performance and response times could indicate that you are experiencing an ACK or ACK-PUSH flood DDoS attack. To mitigate these attacks:

  • Load balancers and failover mechanisms can help distribute traffic across different servers and cloud resources.
  • A content delivery network (CDN) can filter out these illegitimate packets.
  • Rate-based limiting and filtering rules can detect and block packets that exceed normal rates.
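The rate-based rule in the last item can be sketched as follows. This is an added example, not code from the original page: it counts ACK and ACK-PUSH packets that belong to no connection the monitor has seen opened, and flags any one-second window where that count exceeds a threshold. The function names, the threshold, and the sample addresses (documentation ranges) are assumptions, and the state tracking is simplified to inbound packets with no FIN/RST or timeout handling.

```python
from collections import defaultdict

SYN, PSH, ACK = 0x02, 0x08, 0x10  # TCP header flag bits

def detect_ack_flood(packets, server_ip, threshold=100, window=1.0):
    """Return [(window_start, count)] for windows whose out-of-state ACK count
    exceeds threshold. packets: time-sorted tuples of
    (ts, src_ip, src_port, dst_ip, dst_port, flags)."""
    half_open, established = set(), set()
    stray = defaultdict(int)  # window index -> ACKs matching no known flow
    for ts, src, sport, dst, dport, flags in packets:
        if dst != server_ip:
            continue
        flow = (src, sport, dport)
        if flags & SYN and not flags & ACK:
            half_open.add(flow)            # client opened a handshake
        elif flags & ACK:                  # also matches ACK-PUSH (ACK|PSH)
            if flow in established:
                continue                   # data on a known connection
            if flow in half_open:          # final ACK of the handshake
                half_open.discard(flow)
                established.add(flow)
                continue
            stray[int(ts // window)] += 1  # ACK with no handshake behind it
    return sorted((w * window, n) for w, n in stray.items() if n > threshold)

def sample_traffic():
    """Constructed capture: one legitimate client, then a burst of stray ACKs."""
    server = "192.0.2.10"
    pkts = [(0.10, "198.51.100.7", 40000, server, 443, SYN),
            (0.12, "198.51.100.7", 40000, server, 443, ACK),
            (0.20, "198.51.100.7", 40000, server, 443, ACK | PSH)]
    for i in range(500):  # 500 packets inside second 5, none preceded by a SYN
        flags = ACK | PSH if i % 2 else ACK
        pkts.append((5.0 + i / 1000, f"203.0.113.{i % 254 + 1}",
                     1024 + i, server, 443, flags))
    return server, pkts

if __name__ == "__main__":
    server, pkts = sample_traffic()
    for start, count in detect_ack_flood(pkts, server):
        print(f"window starting {start:.0f}s: {count} out-of-state ACKs")
```

The threshold should be set from a measured baseline of stray ACKs on the protected link, since retransmissions and asymmetric routing produce some in normal traffic.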

To stop attacks before damage is done, use advanced DDoS protection that monitors the network for suspicious activity while keeping legitimate traffic flowing. When coupled with AI-assisted threat intelligence, it can continually learn from new data and adapt in real time to stay ahead of emerging threats, counter evolving methods, and keep defenses sharp against follow-on malicious activity and threats to your operations.
