• Status: Solved
  • Priority: Medium
  • Security: Public

How to avoid SYN Flood attacks (kernel 2.0.34)

I administer a Linux internet server, and we have been victim to various SYN flooding attacks on
ports 25, 23, 21, 110 and 80.  The source IPs of the attacks are spoofed randomly, so we cannot
use IP filtering, since we are an ISP and would be denying access to our own customers.

I use Linux kernel 2.0.33, with SYN Cookies and RST Cookies compiled in.  I see all the
syslog messages saying that I am being attacked and so on.  Even with these two kernel
options compiled, the attack is still working, the backlogs on the ports are still being flooded
and I am unable to access them.

Is there any effective free solution to this SYN flood, apart from filtering source IPs (not possible)
and buying a commercial firewall, like Checkpoint Firewall-1 (not viable)?

Thank you.

Asked by: lincoln

lincoln (Author) commented:
Edited text of question

JYoungman commented:
Are you getting the "sending cookies" message?  Do you get it once a minute?  

marcelofr commented:
As far as I know you can't stop syn-floods... You can detect and log them, maybe block the IP, adjust kernel parameters to let the machine work even with a syn-flood, but that's all you can do.

Good luck,

--
Marcelo
0
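
Added example, not part of any post above: one way to do the "detect and log" step mentioned in the thread is to count half-open (SYN_RECV) entries per local port from the kernel's socket table. It assumes the `/proc/net/tcp` column layout of current Linux kernels; the sample rows (documentation-range addresses), the function names and the threshold are constructed for illustration.

```python
from collections import defaultdict

SYN_RECV = "03"  # state code for TCP_SYN_RECV as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 056433C6:0019 0A0200C0:9C41 03 00000000:00000000 01:00000064 00000002     0        0 0
   2: 056433C6:0019 170200C0:1F90 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 056433C6:0019 2C7100CB:D2F0 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 056433C6:0019 637100CB:0401 03 00000000:00000000 01:00000064 00000003     0        0 0
   5: 056433C6:0050 0A0200C0:C350 03 00000000:00000000 01:00000064 00000000     0        0 0
   6: 056433C6:0050 0A0200C0:C351 01 00000000:00000000 00:00000000 00000000    33        0 2002
"""


def half_open_by_port(table):
    """Map local port -> (half-open count, distinct remote addresses)."""
    remotes = defaultdict(list)
    for line in table.splitlines()[1:]:              # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue                                 # only half-open entries
        port = int(fields[1].rsplit(":", 1)[1], 16)  # local port is hex after ':'
        remotes[port].append(fields[2].rsplit(":", 1)[0])
    return {p: (len(r), len(set(r))) for p, r in remotes.items()}


def flooded_ports(table, threshold):
    """Ports whose half-open count has reached the (assumed) threshold."""
    counts = half_open_by_port(table)
    return sorted(p for p, (n, _) in counts.items() if n >= threshold)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:            # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE                               # fall back to the sample
    for port, (n, srcs) in sorted(half_open_by_port(table).items()):
        print(f"port {port}: {n} half-open, {srcs} distinct sources")
    print("over threshold:", flooded_ports(table, threshold=3))
```

Pick the threshold relative to the listen backlog of the service on that port; a distinct-source count close to the half-open count is what randomly spoofed sources, as described in the question, would look like.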
