Tags: Amplification, TCP, Reflection, Spoofable
TCP-AMP-SYN stress test
Reflects SYN traffic off open-port hosts so SYN-ACK and retransmit storms land on your target, testing whether reflected TCP gets scrubbed at the edge.
How it works
This method sends spoofed SYN packets that appear to come from your test target toward a pool of hosts with open ports. Each host replies with SYN-ACK and, getting no final ACK, retransmits that response several times, so a single trigger packet produces multiple inbound segments. It validates that your mitigation recognizes unsolicited SYN-ACK and reflected TCP floods, a vector that bypasses filters built only for UDP amplification.
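The check a mitigation needs for this vector, sketched as an added example (not code from this page or its tooling): flag inbound SYN-ACKs that do not answer a SYN the protected host sent, and count per-flow retransmits. The packet records, the flag strings "S"/"SA", the 75-second pending window and every address other than the page's 203.0.113.45 are constructed assumptions.

```python
from collections import Counter, namedtuple

# Constructed record layout; in practice these fields come from a pcap or flow tap.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

SYN_TIMEOUT = 75.0  # assumed: seconds an outbound SYN counts as awaiting its SYN-ACK

def unsolicited_synacks(packets, protected_ip, syn_timeout=SYN_TIMEOUT):
    """Return (unsolicited SYN-ACK count per source, retransmit count per flow)."""
    pending = {}            # (local_port, remote_ip, remote_port) -> time SYN left
    unsolicited = Counter()
    per_flow = Counter()
    for p in sorted(packets, key=lambda p: p.ts):
        if p.src == protected_ip and p.flags == "S":
            pending[(p.sport, p.dst, p.dport)] = p.ts
        elif p.dst == protected_ip and p.flags == "SA":
            key = (p.dport, p.src, p.sport)
            sent = pending.get(key)
            if sent is not None and p.ts - sent <= syn_timeout:
                continue    # answers a handshake the protected host started
            unsolicited[p.src] += 1
            per_flow[key] += 1
    # Every SYN-ACK after the first on the same flow is a retransmission.
    retransmits = {k: n - 1 for k, n in per_flow.items() if n > 1}
    return unsolicited, retransmits

T = "203.0.113.45"  # test target address used on this page
# Constructed sample: one real outbound handshake, then reflected SYN-ACKs
# arriving with typical retransmit backoff from two open-port hosts.
SAMPLE = [
    Pkt(0.00, T, 40000, "192.0.2.10", 443, "S"),
    Pkt(0.05, "192.0.2.10", 443, T, 40000, "SA"),
    Pkt(1.0, "198.51.100.7", 80, T, 443, "SA"),
    Pkt(2.0, "198.51.100.7", 80, T, 443, "SA"),
    Pkt(4.0, "198.51.100.7", 80, T, 443, "SA"),
    Pkt(8.0, "198.51.100.7", 80, T, 443, "SA"),
    Pkt(1.1, "198.51.100.8", 22, T, 443, "SA"),
    Pkt(2.1, "198.51.100.8", 22, T, 443, "SA"),
]

if __name__ == "__main__":
    by_source, retx = unsolicited_synacks(SAMPLE, T)
    print(dict(by_source), retx)
```

A stateful edge device applies the same rule inline: a SYN-ACK with no matching connection-table entry is dropped instead of counted.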
Parameters
rate | 600k pps | Outbound SYN trigger rate
reflectors | 1k-100k hosts | Pool of open-port responders
port | any open TCP port | Destination port on the test target
duration | 10-600 s | Length of the reflection run
Run it from the CLI
retro-cli
$ retro run tcp-amp-syn --target 203.0.113.45 --duration 120
TCP-AMP-SYN FAQ
Why does reflecting SYN amplify the load?
Each open-port host answers with SYN-ACK and retransmits it when no ACK arrives, so one trigger packet becomes several inbound segments toward the target.
Does this rely on UDP at all?
No. It is pure TCP reflection, which is why it is useful for confirming your defenses cover more than the common UDP amplification protocols.