09 Sep 2010
SYN Flood Protection (Linux)
A SYN flood drives up the CPU load on your server, which slows it down and causes services such as HTTPD, FTPD, etc. to be terminated by the overload.
Here is a solution (for Linux) to detect and permanently block the attackers behind any aggressive attack on your server.
The following command counts the connections in a SYN state, a rough measure of how many hosts are doing the SYN attack:
[root@host ~]# netstat -nap |grep SYN |wc -l
List all hosts that are doing the SYN attack with the following command (you can add them to your firewall/host deny list):
[root@host ~]# netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'
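As an added example (not part of the original article), the function below extends the two netstat commands above: it counts half-open SYN_RECV connections per remote address, keeps IPv6 and IPv4-mapped addresses intact where the `awk -F:` split would cut them apart, and lists only hosts at or above a threshold. The function names, the threshold and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per remote host.
# Reads `netstat -n` style lines on stdin and prints "COUNT ADDRESS" for each
# remote address with at least $1 half-open connections (default 3).
syn_recv_by_host() {
    threshold="${1:-3}"
    awk -v thr="$threshold" '
        # Column 5 is the foreign address:port, column 6 is the TCP state.
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # drop the port, keep IPv6 colons
            sub(/^::ffff:/, "", addr)   # unwrap IPv4-mapped IPv6 addresses
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] >= thr) print count[a], a
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         192.0.2.44:51234        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:51235        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:51236        SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:51237        SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40000      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:40001      ESTABLISHED
tcp        0      1 203.0.113.10:45000      198.51.100.9:25         SYN_SENT
tcp6       0      0 2001:db8::10:80         2001:db8::bad:51000     SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::bad:51001     SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::bad:51002     SYN_RECV
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:192.0.2.44:51238 SYN_RECV
EOF
}

# Demo on the sample; on a live host: netstat -n -t | syn_recv_by_host 20
sample_netstat | syn_recv_by_host 3
```

The outgoing SYN_SENT line is ignored here, whereas a plain `grep SYN` would count it as part of the attack.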
For aggressive flood protection, you can use the following command:
[root@host ~]# iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
Or, for normal flood protection, you can use the following command:
[root@host ~]# iptables -A INPUT -p tcp --syn -m limit --limit 5/s --limit-burst 15 -j RETURN
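In the above examples, all incoming connections are allowed until the limit is reached. RETURN in the built-in INPUT chain hands the packet to the chain's policy, so SYN packets over the limit are only dropped if a later rule in the chain drops them. The limit is counted across all source addresses together, not per host.
--limit 1/s: Maximum average matching rate, here one packet per second
--limit-burst 3: Maximum initial number of packets to match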
Article Details
Article ID: 40
Created On: 01 Oct 2009 12:56 PM