November 04, 2009, 11:23 AM — Recently I ran into the Internet connection problem from hell. My 6Mbps down/512Kbps AT&T DSL connection started running at speeds I hadn't seen since my dial-up modem days. When you do what I do for a living, trying to work with an Internet connection as slow as that is like trying to run a marathon while having an asthma attack.
It turns out I'd run into a perfect storm of multiple problems, but one of those problems surprised me. My network was enduring a SYN attack... from a neighbor's malware-infected Windows PC. I was getting hit because they were, sometimes, using my open Wi-Fi AP (Access Point) to connect to the Internet.
A SYN attack takes advantage of the TCP/IP protocol handshake between two Internet applications. SYB works by starting an application session by sending a TCP SYN (synchronization) packet from one program to another . That application then replies with a TCP SYN-ACK acknowledgment packet; the first program then responds with an ACK (acknowledgment). Once the applications have made their handshake, they're ready to work with each other.
These attacks ruin network connections by flooding them with TCP SYN packets. Each SYN packet forces the targeted server to produce a SYN-ACK response and then wait for the appropriate ACK. You can see where this is going. Outstanding SYN-ACKs start piling up behind each other in a backlog queue and when that queue is full up, the clogged up system stops acknowledging incoming SYN requests.
Usually SYN attacks are used in DDoS (Distributed Denial of Service) attacks to shut down Web sites such as the ones that targeted Google and Twitter. I just happened to be a drive-by victim of a Windows malware infection.
I helped them fix their problem-their network was a mess as well-but it also made me realize that I can't just run my Wi-Fi APs without any security anymore. I have no problem sharing my bandwidth, but I do object to sharing my neighbor's problems.
I'm not the only one. As Wi-Fi has become commonplace many of us have ran into performance problems with too many Wi-Fi APs competing for too few channels. You see while 2.4Ghz 802.11g and 802.11n have up to 14-channels, in practice you can only use three of them in any given area-typically 1, 6, and 11-before running into interference that slows down everyone's performance. The only way to fix this is to set your APs so they won't conflct with each other.
But, this, this was different. For the first time, I found my computers and network being not knocked around by a neighbor's security mistake. I can't afford this. So, it is that I'm now using a version of WPA (Wi-Fi Protected Access) to make sure that any problems on my network are coming from my network.
For more on how to guard your own Wi-Fi connection, tune in for my next Sure it's Secure blog. Having fixed that problem, you'll excuse me if I move on to tracking down what appears to be some bad cabling running off my Gigabit Ethernet switch.
