Two Common Router Security Threats

In Cybersecurity by Ian0 Comments

This entry is part 4 of 8 in the series Intrusion Detection

Syn Flood or Denial of Service Attack

Syn Flood attacks, often referred to as Denial of Service Attacks are caused through exploitation of the TCP protocol. The attacker sends a large number of TCP/SYN packets using a forged address. Because of this, the destination server is unable to successfully establish a proper connection due to the source being unreachable. Lawrence (n.d.). Each time the server attempts to establish a connection, resources are used up with the flooding of packets causing eventual slow down or non-responsiveness.

There are different methods that can be used to mitigate these types of attacks. One common mitigation strategy is called blackholing, where the service provider diverts all traffic into a ‘black hole’ in an effort to save resources. Cisco (2014). The problem with this strategy is that legitimate packets are also lost in the process. Access Control Lists is another method to control incoming traffic as well as firewalls. In their paper, Ioannidis & Bellovin (2002) discussed the implementation of Pushback, a process where functionality is added to each router to detect and preferentially drop packets that ‘probably’ belong to an attack.

Brute Force

Brute force attacks can occur when routers are subjected to an attacker attempting to guess the password and gain unauthorized access. These types of attacks can be used in conjunction with automated guessing tools and dictionary methods in order to attempt to crack the password.

There are several methods for defending against brute force attacks. Lockouts can be used to prevent too many password retries. Drawbacks of lockouts however include potential denial of service, diversion tactics by the attackers, and overall inefficiency. Better ways to deal with these types of attacks include injecting random pauses between retries, sending success HTTP 200 success codes to confuse the attacker instead of the typical 401, and better use of security or secret questions. System Administration Database (2007).


System Administration Database. (2007) Blocking Brute Force Attacks. Retrieved from:

Lawrence, M. (n.d.) Types of Attacks on Routers. Studio D. Retreived from:

Cisco (2014). Defeating DDOS Attacks. Retrieved from:

Ioannidis, J., & Bellovin, S. M., (2002). Implementing Pushback: Router-Based Defense Against DDoS Attacks. Retrieved from

Series Navigation<< What are Rogue Access Points?Modern Application Frameworks, Legacy Browsers and Security Implications >>

Leave a Comment