Methods / L4 / SYN-ACK
L4 · NetworkVolumetricTCPSpoofableOut-of-State
SYN-ACK stress test
Sends a stream of TCP SYN-ACK packets that pretend to answer connection requests no client ever made, validating how your firewall handles out-of-state traffic.
How it works
A SYN-ACK is normally the server's reply during a handshake, so a flood of unsolicited SYN-ACKs arriving with no matching outbound SYN is pure out-of-state noise. It forces the target and its firewall to process and reject packets that have no place in any tracked connection, consuming CPU and state-lookup capacity. It validates whether stateful inspection cleanly drops SYN-ACKs that match no half-open connection rather than wasting cycles on them.
Parameters
pps600k ppsSYN-ACK packet rate driven at the target
sourceswide source spreadSpreads traffic across many spoofable source addresses
dst portany service portTargets a single TCP endpoint
duration10-600 sLength of the test window
Run it from the CLI
retro-cli
$ retro run syn-ack --target 203.0.113.45 --port 443 --duration 120
SYN-ACK FAQ
Is SYN-ACK testing legal?+
Only against infrastructure you own or are authorized to test. RETRO//STRESS requires authorized targets.
What does SYN-ACK stress?+
Sends a stream of TCP SYN-ACK packets that pretend to answer connection requests no client ever made, validating how your firewall handles out-of-state traffic.
Can I combine it with other methods?+
Yes, add it as a step in a packet chain to sequence it with other protocols.