# TCP DDoS Attack

TCP (Transmission Control Protocol) flood attacks are a prevalent form of Denial-of-Service (DoS) attack that can severely disrupt network operations. The attacker overwhelms a target host or network with a high volume of TCP packets, exhausting server resources and causing service degradation or a complete outage. Because these attacks abuse TCP's reliable connection establishment process (each half-open connection consumes state on the server before a handshake ever completes), they are particularly disruptive and hard to mitigate. Early detection of TCP flood attacks is crucial for minimizing their impact and maintaining service continuity: quick identification lets network administrators apply defensive measures such as traffic filtering, rate limiting, or reallocating resources to absorb the attack and preserve network functionality.

ElastiFlow provides a collection of anomaly detection jobs designed to identify TCP flood attacks, including various techniques and monitoring strategies tailored to detect the signature patterns of these attacks.

## Attributes

| Attribute                      | Information                                                                       |
| ------------------------------ | --------------------------------------------------------------------------------- |
| **Analysis Type**              | temporal                                                                          |
| **MITRE ATT&CK Technique**     | [Network Denial of Service (T1498)](https://attack.mitre.org/techniques/T1498)    |
| **MITRE ATT&CK Sub-Technique** | [Direct Network Flood (T1498.001)](https://attack.mitre.org/techniques/T1498/001) |
| **MITRE ATT&CK Tactic**        | [Impact (TA0040)](https://attack.mitre.org/tactics/TA0040)                        |

## Downloads

| Schema    | Perspective | Link                                                                                                                                                          |
| --------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **CODEX** | **edge**    | [elastiflow_codex_netsec_ddos_tcp_edge](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_ddos/netsec_ddos_tcp_edge.json) |
| **CODEX** | **inbound** | [elastiflow_codex_netsec_ddos_tcp_in](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_ddos/netsec_ddos_tcp_in.json)     |
| **ECS**   | **edge**    | [elastiflow_ecs_netsec_ddos_tcp_edge](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_ddos/netsec_ddos_tcp_edge.json)     |
| **ECS**   | **inbound** | [elastiflow_ecs_netsec_ddos_tcp_in](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_ddos/netsec_ddos_tcp_in.json)         |

By deploying this suite of anomaly detection jobs, organizations can effectively monitor for and quickly respond to TCP flood attacks. This rapid detection and response capability is essential in safeguarding network infrastructures against the damaging effects of these attacks, ensuring the continued availability and reliability of network services in an increasingly interconnected digital environment.
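As an added illustration of the temporal analysis named in the Attributes table (this is not ElastiFlow's job definition, query, or field schema), the following Python buckets flow records by minute, counts TCP packets that carried SYN but never ACK toward each destination, and flags buckets that jump far above the destination's own baseline. The flow record field names (`ts`, `src`, `dst`, `proto`, `flags`, `packets`) and the sample traffic are constructed assumptions.

```python
# Added example, not ElastiFlow code: a minimal temporal SYN flood detector
# over flow records. Field names below are assumptions, not ElastiFlow's.
from collections import defaultdict
from statistics import median

SYN, ACK = 0x02, 0x10  # TCP flag bits

def syn_only_per_bucket(flows, bucket_seconds=60):
    """Packets per (time bucket, destination) for TCP flows whose flags include
    SYN but never ACK: half-open attempts that never completed a handshake."""
    counts = defaultdict(int)
    for f in flows:
        if f["proto"] == 6 and f["flags"] & (SYN | ACK) == SYN:
            counts[(f["ts"] // bucket_seconds, f["dst"])] += f["packets"]
    return counts

def flag_anomalies(counts, dst, k=5.0, min_packets=50):
    """Return buckets for dst whose SYN-only packet count exceeds the series
    median by more than k median absolute deviations. min_packets stops a
    quiet baseline (MAD == 0) from flagging trivial bumps."""
    series = sorted((b, c) for (b, d), c in counts.items() if d == dst)
    values = [c for _, c in series]
    if len(values) < 3:
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0
    return [b for b, c in series if c > med + k * mad and c >= min_packets]

def constructed_flows():
    """Constructed sample: 12 minutes of normal traffic to 10.0.0.5, plus a
    burst of bare SYNs from many sources during minute 10."""
    flows = []
    for minute in range(12):
        ts = minute * 60
        for i in range(20):  # completed handshakes: both SYN and ACK seen
            flows.append({"ts": ts + i, "src": f"192.0.2.{i}", "dst": "10.0.0.5",
                          "proto": 6, "flags": SYN | ACK, "packets": 10})
        for i in range(3):   # a few bare SYNs per minute are normal (retries)
            flows.append({"ts": ts + 30 + i, "src": f"198.51.100.{i}", "dst": "10.0.0.5",
                          "proto": 6, "flags": SYN, "packets": 1})
    for i in range(200):     # the flood: SYN-only packets from many sources
        flows.append({"ts": 600 + i % 60, "src": f"203.0.113.{i % 254}", "dst": "10.0.0.5",
                      "proto": 6, "flags": SYN, "packets": 25})
    return flows

if __name__ == "__main__":
    print(flag_anomalies(syn_only_per_bucket(constructed_flows()), "10.0.0.5"))
```

A production job would also compare SYN-only volume against completed handshakes and against the number of distinct sources, since a single misbehaving client and a distributed flood call for different responses.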
