Tuesday, April 9, 2013

Protect Against SYN Flood DDOS/DOS Denial Of Service Attacks

There are a few baseline variables you can set in the Linux kernel to help protect your server against SYN Floods.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
To make these settings persist across reboots, add the following to /etc/sysctl.conf:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
It is also recommended that you install the CSF firewall to improve your servers' security. CSF also includes SYN flood mitigation at the iptables/firewall level.
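To confirm that the three kernel settings above are active and will survive a reboot, the following added example (not part of the original post) compares the live values under /proc/sys with what is saved in /etc/sysctl.conf. The function names and status labels are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the post's three settings.
# audit_syn_settings [proc_sys_root] [sysctl_conf]
# Prints one line per key; the return status is the number of findings.

KEYS="net.ipv4.tcp_syncookies net.ipv4.tcp_max_syn_backlog net.ipv4.tcp_synack_retries"

# Print the last uncommented assignment of key $1 in sysctl-style file $2.
persisted_value() {
    [ -r "$2" ] || return 0
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); found = v }
        END { print found }' "$2"
}

# Succeed if value $2 is numeric and meets the post's baseline for key $1.
meets_baseline() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *tcp_syncookies)      [ "$2" -ge 1 ] ;;     # 1 or 2 = SYN cookies enabled
        *tcp_max_syn_backlog) [ "$2" -ge 2048 ] ;;  # no smaller than the post's 2048
        *tcp_synack_retries)  [ "$2" -le 3 ] ;;     # no more than the post's 3
    esac
}

audit_syn_settings() {
    root="${1:-/proc/sys}"; conf="${2:-/etc/sysctl.conf}"; findings=0
    for key in $KEYS; do
        path="$root/$(printf '%s' "$key" | tr . /)"
        live=""; [ -r "$path" ] && live=$(tr -d ' \t\n' < "$path")
        saved=$(persisted_value "$key" "$conf")
        if ! meets_baseline "$key" "$live"; then
            status=WEAK            # running kernel is below the baseline
        elif [ -z "$saved" ]; then
            status=NOT_PERSISTED   # fine now, lost on reboot
        elif ! meets_baseline "$key" "$saved"; then
            status=WEAK_ON_REBOOT  # sysctl.conf will undo the live value
        else
            status=OK
        fi
        [ "$status" = OK ] || findings=$((findings + 1))
        printf '%s %s live=%s saved=%s\n' "$status" "$key" "${live:-unset}" "${saved:-unset}"
    done
    return "$findings"
}
```

Called with no arguments, `audit_syn_settings` checks /proc/sys and /etc/sysctl.conf on the local host; it does not read drop-in files under /etc/sysctl.d/.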