Layer 4 Methods

Authorized testing only. These methods can destabilize systems. Run them only on assets you own or have explicit permission to test.

TCP-SYN

A very powerful method against moderately protected targets. It works only with the TCP protocol and is effective because it forces the target to respond with traffic. Recommended only against all ports (set port to 0 in the overload panel). If the target responds with connection reset, the method is effective; if the target does not respond (connection timeout), it’s better not to use it.

It can sometimes work against a single open TCP port, but other methods such as SOCKET and HANDSHAKE are usually more effective.

Host vulnerable to TCP-SYN
Overload.su config example

SOCKET / HANDSHAKE

These methods work only on open TCP ports. They don’t generate large amounts of traffic but can effectively bypass many defenses by fully emulating a real user, potentially crashing services.

SOCKET opens the maximum possible number of connections, which often leads to failures on many systems. However, it may be filtered since the behavior resembles a TCP-SYN flood. It’s recommended to set a packet rate limit in the Advanced options.

HANDSHAKE opens only a few connections (specified in Advanced options) and sends data there. You can also modify the data being sent by using the PAYLOAD field for HEX strings. Example: endlessly sending HTTP requests.

SOCKET / HANDSHAKE example

GRE / UDP / STOMP / ACK

These methods are quite similar in both operation and effectiveness. Most modern protections have patched them, but exceptions still exist:

  • GREan L3 attack method. Sends raw traffic without requiring a port. Can be effective if the target has weak bandwidth or its protection ignores GRE. Setting a very small packet size (e.g., 14) produces maximum packets and may overload some filters.
  • UDPan L4 method, mainly effective against games. Supports custom payloads and rate limits. Rarely filtered even by providers like OVH, but UDP itself is less common in production.
  • STOMPACK-PSH traffic. Works with a port, may bypass some defenses, but overall not recommended.
  • ACKACK traffic. Similar to STOMP, but generates more packets per second since it has no payload size.

Tip

The overload.su panel supports:

  • Multi-port in a single test: 80,443
  • Multi-IP and subnets in a single test: 1.1.1.1,2.2.2.2,3.3.3.3/24
  • Variable packet sizes: 10–100

Contents

Overload.su – L4 Methods: Load & Resilience (TCP/UDP)