Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to defend against a sync flood attack?

Posted on 2011-09-27
Medium Priority
Last Modified: 2012-06-27
Hello, I heard on the sync flood attack which is being used for the DOS (Denial of Service). Is there a way in Linux we can prevent it? Thanks!
Question by:beer9
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 68

Expert Comment

ID: 36708833

this is the official CERT advisory.

Basically it says that ...

There is, as yet, no generally accepted solution to this problem with the current IP protocol technology. However, proper router configuration can reduce the likelihood that your site will be the source of one of these attacks.

LVL 12

Expert Comment

ID: 36714496
The advisory also gives some advice for configuring routers  to reduce the effectiveness of an attack. Keep in mind that the attack relies on the use of a source address that won't complete the three-way handshake, so the use of non-routable addresses is common and easily filtered.

In addition, most firewalls or intrusion prevention systems offer some detection and connection throttling to protect downstream systems.

Author Comment

ID: 36902817
Do we have any tool on hosts (linux box) which can help us to prevent/defend this attack? what I should do if I notice this attack?

I am curious to know if anything I can do at hosts level.
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

LVL 12

Expert Comment

ID: 36907640
Iptables is a powerful tool for defending against several attacks. Beyond simple rules to deny connections from non-routable addresses, it also provides features like connection throttling to limit the effectiveness of these attacks. There are several web sites with details on how to block things like Xmas attacks, etc..

Add a tool like ossec to watch the logs created by iptables to give you a heads up when something's going on.

Finally, there's no substitute for a dedicated ips/firewall to take the brunt of this and offload your apps servers and workstations. There are plenty of opensource solutions, many based on tools like snort.

Author Comment

ID: 36908257
Hi hfraser, When you say "Keep in mind that the attack relies on the use of a source address that won't complete the three-way handshake, so the use of non-routable addresses is common and easily filtered."

then i think you are talking about private-ip address (non-routable). But if my laptop has private IP address and it is behind a wifi router and using NAT. so does it mean iptables on web server on which I am sending the request can filter my traffic?? Thanks!
LVL 12

Accepted Solution

hfraser earned 2000 total points
ID: 36908861
Since the syn flood relies on a source ip that cannot complete the handshake, any impossible-to-reach address will do. Usually, you will filter traffic from private-ip ranges only on your border device like your WiFi router or a firewall. It's not a technique that applies to your laptop.

Keep in mind there are several private-ip ranges, so even if you're using 192.168 internally, you can still filter out the other ranges.

Author Closing Comment

ID: 36935017
Thank you! :-)

Featured Post

Not sure which OpenStack Certification to get?

So you’ve realized you might want to get certified in OpenStack, but you’re not sure what the benefits might be or even which one you should take. You know there are several certification courses you can choose from, but how do you know which one is right for you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question