Syn Flood

**ayazero** · August 23, 2004, 20:15

Originally posted by Bosniacon

Got questions my friend is running server which is hosted of caurse by hosting company.

He has debian for OS

the realy question is he is getting lattely lots of syn floods from different IP"s that caused also server to shut down for 2 days almost
i do know that most of the attacks are from irc where they spoof the ip

what could me and my friend do to prevent that to happen .......because website is really slow now lately even with 800 users a minute

please help

And btw i was searching for it on google and here also but didn't find no program "software,script or any kind of tool that would protect the server"

btw the server is not installed on home PC because i would get the syn attacks away :(

thank you again

You may turn on the "syn cookies" kernel option, it seems not very effective when the syn flood is strong .

There're some hardware product to defeat it such as "Collapsar" of our Crop.

http://www.nsfocus.com/english/homep.../collapsar.htm

**Bosniacon** · September 10, 2004, 06:59

hm can you tell me how to desable syn cookies in kernel ? "debian"

**AlxRogan** · September 10, 2004, 07:22

Behold the G00gle-f00, first hit:

http://www.google.com/search?hl=en&i...=Google+Search

Note that even using this will not defend against a strong DoS, just the excessive number of incoming half-connects can exhaust system resources. Your friend needs to talk to his hosting company, or their upstream provider, about ingress filtering of syn floods.

**jamil5454** · September 14, 2004, 05:36

a client sends a SYN to a server asking to initiate a connection. these 'half-connections' (as stated above) build up and exhaust system resources (as stated above). I'm 90% sure you can change how many connection attempts are allowed in the kernel.

Syn Flood

Syn Flood

Comment

Comment

Comment

Comment