How to Avoid SYN Cookies DOS Attacks

SYN flooding is the most common DDoS attack. The tweaks below help you mitigate these attacks.

First of all, make sure the following value is set in your /etc/sysctl.conf file, so the kernel answers with SYN cookies once the SYN backlog fills up instead of refusing new connections:

# 1 enables SYN cookies; 0 disables them and leaves the SYN backlog exposed to a flood
net.ipv4.tcp_syncookies=1

Next, set up iptables accordingly. iptables ships with the limit match module, which can be used to rate-limit incoming SYN packets and so tackle a DDoS attack.

1. Create a new chain and name it, say, SYNFLOOD:

# iptables -N SYNFLOOD

2. Using the limit module, accept at most 15 packets per second with a burst of up to 20:

# iptables -A SYNFLOOD -m limit --limit 15/second --limit-burst 20 -j ACCEPT

NOTE: The --limit 15/second value can be lower or higher, depending on your server's traffic. Use trial and error to find the right threshold for your server.

3. And of course, drop the packets that exceed the above limit:

# iptables -A SYNFLOOD -j DROP

4. Finally, jump to this new chain for incoming TCP SYN packets on port 80:

# iptables -A INPUT -p tcp --syn --dport http -j SYNFLOOD

To look at what was set up:

# iptables -L -v
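As an added example (not code from the original post), the shell functions below generate the SYNFLOOD rule set for a chosen rate, burst and port, and read the ACCEPT/DROP packet counters back out of `iptables -L SYNFLOOD -v -n` output so the threshold can be tuned on real traffic. The default rate and burst are the post's starting values, not measured ones, and the listing used for the check is constructed, not captured from a live host.

```shell
#!/bin/sh
# Added example, not from the original post: build the SYNFLOOD rules for a
# given rate/burst/port and read the chain's counters back to tune the limit.

# Print the iptables commands for the chain; nothing is applied here.
# Usage: synflood_rules [RATE] [BURST] [PORT]   e.g. synflood_rules 15/second 20 http
synflood_rules() {
    rate="${1:-15/second}" burst="${2:-20}" port="${3:-http}"
    # The limit module only accepts N/second|minute|hour|day and an integer burst.
    printf '%s\n' "$rate"  | grep -Eq '^[0-9]+/(second|minute|hour|day)$' || return 1
    printf '%s\n' "$burst" | grep -Eq '^[0-9]+$' || return 1
    cat <<EOF
iptables -N SYNFLOOD 2>/dev/null || iptables -F SYNFLOOD
iptables -A SYNFLOOD -m limit --limit $rate --limit-burst $burst -j ACCEPT
iptables -A SYNFLOOD -j DROP
iptables -C INPUT -p tcp --syn --dport $port -j SYNFLOOD 2>/dev/null || iptables -A INPUT -p tcp --syn --dport $port -j SYNFLOOD
EOF
}

# Given the text of `iptables -L SYNFLOOD -v -n`, print "<accepted> <dropped>"
# packet counts: the pkts column is field 1 and the target is field 3.
synflood_counters() {
    printf '%s\n' "$1" | awk '
        $3 == "ACCEPT" { acc += $1 }
        $3 == "DROP"   { drop += $1 }
        END { printf "%d %d\n", acc, drop }'
}

# Share of SYNs dropped, as an integer percentage. A high figure under normal
# load means the rate is set too low for this server; near zero during a
# flood means it is too high.
synflood_drop_pct() {
    synflood_counters "$1" | awk '{ if ($1 + $2 == 0) print 0; else print int(100 * $2 / ($1 + $2)) }'
}

# Constructed sample listing (not captured from a real host), in the layout
# iptables prints with -v -n.
SAMPLE_LISTING='Chain SYNFLOOD (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1234 74040 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 15/sec burst 20
   57  3420 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'
```

To apply the generated rules as root, pipe them into a shell (`synflood_rules 15/second 20 http | sh`), then feed `iptables -L SYNFLOOD -v -n` to `synflood_drop_pct` after a period of normal traffic to see whether the rate needs adjusting.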


Enjoy!!!
