ACK Attack

We are getting a spoofed ACK flood on our Linux hosting server.
Is there any possible way to clean the traffic with iptables, or is there any software that drops the ACK packets that come without a SYN?
FireBallIT Asked:

SStory Commented:
#drop new connections that don't start with SYN
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
0
FireBallIT Author Commented:
Thanks for your reply.

There is a CentOS server in bridge mode in front of this server. We are using it as a firewall.
Is there any rule that we can apply on it?
0
FireBallIT Author Commented:
In our topology it did not stop the attack.
0
SStory Commented:
I think if the server is in bridge mode it will just pass it through without routing. You could always put a hardware appliance firewall in front of it all. I am not sure why the above wouldn't work if it is placed near the top of your iptables INPUT chain. It says: if TCP on a new connection and not SYN, drop it. This would not stop existing connections. Maybe you would have to drop all current connections for it to work.

Do any of these help you?
http://www.experts-exchange.com/Networking/Protocols/TCP-IP/Q_27559448.html
http://www.experts-exchange.com/Security/Operating_Systems_Security/Linux/Q_21724369.html
0
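
An added example, not code from either poster: a dry-run script that prints the rule from the answer above plus an INVALID-state drop, inserted at the top of a chain. The `CHAIN` and `APPLY` variables and the function names are this example's own; for a bridging firewall it assumes the `br_netfilter` module, without which bridged frames never reach the iptables FORWARD chain.

```shell
#!/bin/sh
# Added example: drop TCP segments that do not belong to a tracked connection.
# Assumption: CHAIN is INPUT on the server itself, FORWARD on a bridging firewall.
CHAIN="${CHAIN:-INPUT}"
APPLY="${APPLY:-0}"   # 0 = only print the commands, 1 = run them (needs root)

# Print one rule specification per line, in the order they are inserted.
ack_flood_rules() {
    # Segments conntrack cannot match to any connection, e.g. stray ACKs
    # when net.netfilter.nf_conntrack_tcp_loose=0.
    printf '%s\n' "-p tcp -m conntrack --ctstate INVALID -j DROP"
    # The rule from the answer above: with loose pickup enabled a stray ACK
    # is classified NEW, so a NEW segment that is not a SYN is dropped.
    printf '%s\n' "-p tcp ! --syn -m conntrack --ctstate NEW -j DROP"
}

# Turn the specifications into iptables commands placed at the top of a chain.
build_commands() {
    chain="$1"; pos=1
    ack_flood_rules | while IFS= read -r spec; do
        printf '%s\n' "iptables -I $chain $pos $spec"
        pos=$((pos + 1))
    done
}

# A bridge hands frames to iptables only through br_netfilter.
bridge_prereqs() {
    printf '%s\n' "modprobe br_netfilter"
    printf '%s\n' "sysctl -w net.bridge.bridge-nf-call-iptables=1"
}

# Execute each command line when APPLY=1, otherwise just show it.
run_or_print() {
    while IFS= read -r cmd; do
        if [ "$APPLY" = "1" ]; then sh -c "$cmd"; else printf '%s\n' "$cmd"; fi
    done
}

if [ "$CHAIN" = "FORWARD" ]; then bridge_prereqs | run_or_print; fi
build_commands "$CHAIN" | run_or_print
```

Run it as is to review the commands; `CHAIN=FORWARD APPLY=1` as root applies them on the bridge, and `iptables -L FORWARD -v -n` then shows whether the packet counters on the two DROP rules increase.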

FireBallIT Author Commented:
Yes, I opened another question about that yesterday. I found out and let it work for one day; we tested multiple times, but today it has stopped, strangely :)
0

Question has a verified solution.
