Browse Tag: ddos

Syn flooding

Symptom:

Tons of the following in dmesg:

NET: 2348203 messages suppressed.
TCP: drop open request from ip
NET: 2392 messages suppressed.
TCP: drop open request from ip
etc, etc, etc

To put a quick halt to the attack, enable syn_cookies:

[code lang=”bash”]echo 1 > /proc/sys/net/ipv4/tcp_syncookies[/code]

This doesn’t persist after a reboot. To make it persist, edit /etc/sysctl.cnf as follows:
net.ipv4.tcp_syncookies = 1