A SYN flood is a form of Distributed Denial-of-Service (DDoS) attack commonly used to disrupt network communication. RFC 4987 describes the common mitigations against SYN-flood attacks.
In this post, however, I'm going to share the method I use to reduce the risk of SYN-flood attacks against my department's computers, using iptables:
# Create a dedicated chain for incoming SYN segments
/sbin/iptables -N syn-flood
# Let through up to 100 SYNs/second (burst of 100), then fall back to the caller
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 100 -j RETURN
# Everything above the limit is logged to the kernel log with this prefix ...
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN-flood attempt: "
# ... and dropped
/sbin/iptables -A syn-flood -j DROP
# The chain does nothing until traffic is sent to it: hand every new TCP SYN from INPUT to the chain
/sbin/iptables -A INPUT -p tcp --syn -j syn-flood
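The LOG target above only writes lines to the kernel log; deciding whether a burst was a real flood and who sent it is still manual work. The following is an added example (not part of the original post) that parses those log lines using the page's own prefix "SYN-flood attempt: " and summarises dropped SYNs per source and per destination port. The sample log lines, hostname and IP addresses are constructed for the example; the field layout (SRC=, DST=, PROTO=, SPT=, DPT=) is the standard iptables LOG format.

```python
import re
from collections import Counter

LOG_PREFIX = "SYN-flood attempt: "

# Constructed sample of what the kernel log looks like after the LOG rule fires.
# Addresses come from documentation ranges and are not real hosts.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: SYN-flood attempt: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44102 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:01 gw kernel: SYN-flood attempt: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44103 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:01 gw kernel: SYN-flood attempt: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=50211 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:02 gw kernel: SYN-flood attempt: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44104 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:02 gw kernel: unrelated kernel message that must be ignored
"""

# syslog-style timestamp and host, followed by "kernel:"
_TS_RE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+kernel:")
# KEY=VALUE tokens written by the LOG target (VALUE may be empty, e.g. "OUT=")
_KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_syn_flood_log(text, prefix=LOG_PREFIX):
    """Return one event dict per line that carries the LOG prefix; other lines are skipped."""
    events = []
    for line in text.splitlines():
        idx = line.find(prefix)
        if idx < 0:
            continue
        fields = dict(_KV_RE.findall(line[idx + len(prefix):]))
        # Skip malformed lines or anything that is not a TCP event
        if "SRC" not in fields or fields.get("PROTO") != "TCP":
            continue
        m = _TS_RE.match(line)
        events.append({
            "ts": m.group(1) if m else None,
            "host": m.group(2) if m else None,
            "iface": fields.get("IN"),
            "src": fields["SRC"],
            "dst": fields.get("DST"),
            "spt": int(fields["SPT"]) if fields.get("SPT", "").isdigit() else None,
            "dpt": int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None,
        })
    return events


def top_sources(events, n=5):
    """Sources with the most dropped SYNs, as (src, count) pairs."""
    return Counter(e["src"] for e in events).most_common(n)


def top_ports(events, n=5):
    """Destination ports that received the most dropped SYNs, as (port, count) pairs."""
    return Counter(e["dpt"] for e in events).most_common(n)


def sources_over(events, threshold):
    """Sources whose dropped-SYN count reaches the threshold, busiest first."""
    counts = Counter(e["src"] for e in events)
    return sorted((s for s, c in counts.items() if c >= threshold),
                  key=lambda s: (-counts[s], s))


if __name__ == "__main__":
    # Typical use: feed it the kernel log, e.g. the output of "grep 'SYN-flood attempt' /var/log/kern.log"
    ev = parse_syn_flood_log(SAMPLE_LOG)
    print("dropped SYN events:", len(ev))
    print("top sources:", top_sources(ev))
    print("top ports:", top_ports(ev))
    print("sources at or above 2 drops:", sources_over(ev, 2))
```

One point worth keeping in mind when reading these counts: the `limit` match in the chain keeps a single token bucket for all traffic, not one per source, so once a single host exhausts the bucket, SYNs from everyone else are logged and dropped as well. The per-source breakdown is what tells you which host actually consumed the budget.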
RFC4987 suggests the use of SYN-cookie for added protection. You can enable SYN-cookie protection in Linux by running this command (as root):
# Enable SYN cookies immediately (the /proc setting lasts until the next reboot)
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# To make it persistent, add "net.ipv4.tcp_syncookies = 1" to /etc/sysctl.conf and run: sysctl -p
hope that helps…
Note: I'm not a full-time sysadmin, as I have a different day job, but I was put in charge of securing part of my school's computer network, so there.