Solved

How to avoid SYN Flood attacks (kernel 2.0.34)

Posted on 1998-07-06
Last Modified: 2010-05-19
I administer a Linux internet server, and we have been victim to various SYN Flooding attacks, on
ports 25, 23, 21, 110 and 80.  The source IPs of the attacks are spoofed randomly, so we cannot
use IP filtering, since we are an ISP and would be denying access to our own customers.

I use Linux kernel 2.0.33, with SYN Cookies and RST Cookies compiled in.  I see all the
syslog messages saying that I am being attacked and so on.  Even with these two kernel
options compiled, the attack is still working, the backlog on the ports is still being flooded
and I am unable to access them.

Is there any effective free solution to this SYN flood, apart from filtering source IPs (not possible)
and buying a commercial firewall, like Checkpoint Firewall-1 (not viable)?

Thank you.

Question by:lincoln
3 Comments
 

Author Comment

by:lincoln
ID: 1584689
Edited text of question

Expert Comment

by:JYoungman
ID: 1584690
Are you getting the "sending cookies" message?  Do you get it once a minute?  

Accepted Solution

by:
marcelofr earned 200 total points
ID: 1584691
As far as I know you can't stop SYN floods... You can detect and log them, maybe block the IP, adjust kernel parameters to let the machine work even with a SYN flood, but that's all you can do.

Good luck,

--
Marcelo
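
Added example, not part of the original thread or written by any of its posters: one way to do the "detect and log" step from the answer above, by counting half-open (SYN_RECV) connections per local port in `netstat -tn` output. The function names, the threshold of 3 and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): count half-open TCP connections
# (state SYN_RECV) per local port from `netstat -tn` output.

# Reads netstat lines on stdin; prints "port count", sorted by port number.
syn_recv_by_port() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             n = split($4, part, ":")   # field 4 is local addr:port
             count[part[n]]++           # port follows the last ":"
         }
         END { for (p in count) print p, count[p] }' | sort -n
}

# Prints the ports whose SYN_RECV count is at or above the given threshold.
# The threshold is an assumption: pick it relative to the listen backlog.
flooded_ports() {
    syn_recv_by_port | awk -v limit="$1" '$2 >= limit { print $1 }'
}

# Constructed sample input (documentation addresses, not real traffic).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State
tcp        0      0 192.0.2.10:25      198.51.100.7:1041   SYN_RECV
tcp        0      0 192.0.2.10:25      203.0.113.9:2210    SYN_RECV
tcp        0      0 192.0.2.10:25      198.51.100.44:1503  SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.61:4002   SYN_RECV
tcp        0      0 192.0.2.10:80      198.51.100.3:1188   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.17:3071   SYN_RECV
tcp        0      0 192.0.2.10:80      198.51.100.90:1999  SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.5:1200    ESTABLISHED
tcp        0      0 192.0.2.10:110     198.51.100.12:1033  SYN_RECV
tcp        0      0 192.0.2.10:23      203.0.113.40:1027   ESTABLISHED
EOF
}

# Log any port at or above 3 half-open connections in the sample.
for port in $(sample_netstat | flooded_ports 3); do
    echo "possible SYN flood: port $port"
done
```

On a live host, replace `sample_netstat` with `netstat -tn` and send the output line to syslog instead of the terminal.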