What is a PUSH and ACK Flood?

When connecting with a server, the client can ask for confirmation that the information was received by setting the ACK flag, or it can force the server to process the information in the packet by setting the PUSH flag. Both requests require the server to do more work than with other types of requests.

By flooding a server with spurious PUSH and ACK requests, an attacker can prevent the server from responding to valid traffic. This technique is called a PUSH or ACK flood.

Since PUSH and ACK messages are a part of standard traffic flow, a huge flood of these messages alone indicates abuse. Using a full-proxy architecture to manage every conversation between the client and the server can weed out abuse quickly.

Both F5 BIG-IP Local Traffic Manager (LTM) and BIG-IP Advanced Firewall Manager (AFM) are built on full-proxy architectures, so they can determine valid traffic flow and drop PUSH and ACK traffic floods so they never pass to the protected network.


Related Content