Solved

How to avoid SYN Flood attacks (kernel 2.0.34)

Posted on 1998-07-06
3
495 Views
Last Modified: 2010-05-19
I administer a Linux internet server, and we have been victim to various SYN Flooding attacks, on
ports 25, 23, 21, 110 and 80.  The source IP's of the attacks are spoofed randomly, so we cannot
use IP filtering, since we are an ISP and would be denying access to our own customers.

I use linux kernel 2.0.33, with SYN Cookies and RST Cookies compiled in.  I see all the
syslog messages saying that a I am being attacked and so on.  Even with these two kernel
options compiled, the attack is still working, the backlog on the ports are still being flooded
and i am unable to access them.

Is there any effective free solution to this SYn flood, apart from filtering source IPs (not possible)
and buying a commercial firewall, like Checkpoint Firewall-1 (not viable)?

Thank you.

0
Comment
Question by:lincoln
3 Comments
 

Author Comment

by:lincoln
ID: 1584689
Edited text of question
0
 
LVL 2

Expert Comment

by:JYoungman
ID: 1584690
Are you getting the "sending cookies" message?  Do you get it once a minute?  
0
 
LVL 3

Accepted Solution

by:
marcelofr earned 200 total points
ID: 1584691
As far as I know you can't stop syn-floods... You can detect and log them, maybe block the ip, adjust kernel parameters to let the machine work even with a syn-flood, but that's all you can do..

Good luck,

--
Marcelo
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now