How to avoid SYN Flood attacks (kernel 2.0.34)
Posted on 1998-07-06
I administer a Linux internet server, and we have been victim to various SYN Flooding attacks, on
ports 25, 23, 21, 110 and 80. The source IPs of the attacks are spoofed randomly, so we cannot
use IP filtering, since we are an ISP and would be denying access to our own customers.
I use Linux kernel 2.0.33, with SYN Cookies and RST Cookies compiled in. I see all the
syslog messages saying that I am being attacked and so on. Even with these two kernel
options compiled, the attack is still working, the backlog on the ports is still being flooded
and I am unable to access them.
Is there any effective free solution to this SYN flood, apart from filtering source IPs (not possible)
and buying a commercial firewall, like Checkpoint Firewall-1 (not viable)?