The Inquirer-Home

4chan rides out a SYN flood attack on its website and forums

No word on retribution, yet
Wed Nov 16 2011, 11:37

WEB MELTING POT 4chan has been under sustained distributed denial of service (DDoS) attack since the weekend.

Netcraft, a service that monitors the uptime of web servers, has shown the extent of problems faced by 4chan's website as it weathers a severe DDoS attack. 4chan announced on Sunday 13 November that it was taken offline due to the ongoing assault.

Initially 4chan revealed that the attack consisted of a UDP packet flood on port 80, which typically is used for HTTP traffic. However, yesterday 4chan claimed it was in fact a TCP SYN flood attack.

According to Netcraft's graphs, not only has the response time of 4chan's website been severely affected by the ongoing DDoS attack, but since Sunday there have also been prolonged periods of downtime. Not only are 4chan's popular message boards being targeted; the main 4chan website has also been up and down like a yo-yo since Sunday.

TCP SYN flood attacks are a common way of keeping a server 'engaged' waiting for acknowledgements from the original packet sender. A SYN packet is sent to the server, which replies with an acknowledgement, known as SYN ACK. Typically the original packet sender replies to the SYN ACK with an ACK of its own. If it doesn't, the server waits for a while before that port becomes available again. If this is repeated enough times in a short period of time, the server exhausts all of its ports, effectively rendering it unreachable over the network.

Although the effects of SYN flood attacks can be mitigated by the use of SYN cookies, they require few resources on the attacker's side, unlike traditional DDoS attacks, which aim to exhaust bandwidth or computation resources.
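The SYN cookie mitigation mentioned above, shown from the server's side as an added example that is not part of the original article: the server encodes the handshake state in the sequence number of its SYN ACK and keeps nothing in memory until a valid ACK returns. The bit layout (5 bits of time, 3 bits of MSS index, 24-bit keyed hash), the use of HMAC-SHA256, the secret, the MSS table and the addresses are assumptions of this example, not any particular operating system's implementation.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # constructed; a real stack uses a random, rotated secret
MSS_TABLE = (216, 536, 1024, 1220, 1300, 1400, 1440, 1460)  # constructed 8-entry table (3 bits)
TICK = 64  # seconds per time-counter step


def _mac24(src, sport, dst, dport, client_isn, counter):
    """24-bit keyed hash binding the cookie to the 4-tuple, client ISN and time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}".encode() + struct.pack("!Iq", client_isn, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Server sequence number for the SYN ACK. The server stores nothing about this SYN."""
    counter = int(now) // TICK
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    top = ((counter & 0x1F) << 3) | mss_idx  # 5 bits of time, 3 bits of MSS index
    return (top << 24) | _mac24(src, sport, dst, dport, client_isn, counter)


def check_ack(src, sport, dst, dport, client_isn, ack_num, now, max_age=1):
    """Validate the handshake's final ACK. Returns the MSS to use, or None to drop."""
    cookie = (ack_num - 1) & 0xFFFFFFFF  # the client acknowledges server sequence number + 1
    top, mac = cookie >> 24, cookie & 0xFFFFFF
    current = int(now) // TICK
    for counter in (current - age for age in range(max_age + 1)):
        if counter & 0x1F != top >> 3:
            continue  # cookie was not issued in this time slot
        expected = _mac24(src, sport, dst, dport, client_isn, counter)
        if hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
            return MSS_TABLE[top & 0x7]  # only now is connection state allocated
    return None


if __name__ == "__main__":
    conn = ("198.51.100.7", 40000, "203.0.113.10", 80, 0x1234ABCD)  # constructed 4-tuple + ISN
    t0 = 1_321_400_000
    isn = make_cookie(*conn, client_mss=1380, now=t0)
    print("genuine ACK  ->", check_ack(*conn, ack_num=isn + 1, now=t0 + 3))
    print("tampered ACK ->", check_ack(*conn, ack_num=(isn ^ 1) + 1, now=t0 + 3))
    print("stale ACK    ->", check_ack(*conn, ack_num=isn + 1, now=t0 + 3 * TICK))
```

Because a SYN that is never followed by a valid ACK leaves no entry behind, a flood of unanswered SYNs costs the server one hash per packet rather than a held connection slot.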

4chan's status page, which is hosted on Google's Blogger service, has posted a message in the last few hours saying that the website is back online. It will be interesting to see if 4chan finds out who attacked it and sets the hive-mind to work on retribution. µ


Comments
Garbled nonsense explanation

"Initially 4chan revealed that the attack consisted of a UDP packet flood on port 80, which typically is used for HTTP traffic. "

No it isn't. TCP port 80 is used for HTTP traffic, but UDP port 80 is an entirely separate port; for any given port number, the TCP and UDP ports are entirely unrelated(*). If it *had* been a UDP/80 flood, 4chan could have trivially filtered it and it wouldn't have affected their web server or their visitors' access to it in any way.

(*) - Although there is no relation of necessity between TCP and UDP ports, there are a very few protocols such as DNS that can operate on both TCP and UDP, and by convention they use the same port number for both - but they don't *have* to, it's just for convenience.

posted by : DaveK, 17 November 2011