Syn Flood

  • Syn Flood

    Got a question: my friend is running a server, which is hosted of course by a hosting company.

    He has Debian for the OS.

    The real question is he is lately getting lots of SYN floods from different IPs, which also caused the server to shut down for almost 2 days.
    I do know that most of the attacks are from IRC, where they spoof the IP.

    What could my friend and I do to prevent that from happening? The website is really slow lately, even with 800 users a minute.

    Please help.

    And btw, I was searching for it on Google and here also, but didn't find any program ("software, script or any kind of tool that would protect the server").

    Btw, the server is not installed on a home PC, because I would get the SYN attacks away :(

    Thank you again.
    We may be small, but our Shell is big

  • #2
    Originally posted by Bosniacon
    Got a question: my friend is running a server, which is hosted of course by a hosting company.

    He has Debian for the OS.

    The real question is he is lately getting lots of SYN floods from different IPs, which also caused the server to shut down for almost 2 days.
    I do know that most of the attacks are from IRC, where they spoof the IP.

    What could my friend and I do to prevent that from happening? The website is really slow lately, even with 800 users a minute.

    Please help.

    And btw, I was searching for it on Google and here also, but didn't find any program ("software, script or any kind of tool that would protect the server").

    Btw, the server is not installed on a home PC, because I would get the SYN attacks away :(

    Thank you again.

    You may turn on the "syn cookies" kernel option; it seems not very effective when the SYN flood is strong.

    There are some hardware products to defeat it, such as "Collapsar" from our Corp.

    http://www.nsfocus.com/english/homep.../collapsar.htm
    We challenge everything <<


    • #3
      Hm, can you tell me how to disable syn cookies in the kernel? "debian"
      We may be small, but our Shell is big


      • #4
        Behold the G00gle-f00, first hit:

        http://www.google.com/search?hl=en&i...=Google+Search

        Note that even using this will not defend against a strong DoS, just the excessive number of incoming half-connects can exhaust system resources. Your friend needs to talk to his hosting company, or their upstream provider, about ingress filtering of syn floods.
        Last edited by AlxRogan; September 10, 2004, 08:26. Reason: Added ingress filtering
        Aut disce aut discede


        • #5
          A client sends a SYN to a server asking to initiate a connection. These 'half-connections' (as stated above) build up and exhaust system resources (as stated above). I'm 90% sure you can change how many connection attempts are allowed in the kernel.
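
One way to see the half-open connections described in posts #4 and #5 and to check the SYN cookies option from post #2 on a Debian server, as an added example that is not part of the original thread. The sample table is constructed, and tcp_max_syn_backlog and tcp_synack_retries are standard Linux sysctls that the posters did not name.

```shell
#!/bin/sh
# Added example, not from the thread. Reads /proc/net/tcp-format lines on stdin.
# In that format field 2 is the local addr:port (hex) and field 4 is the state;
# state 03 is SYN_RECV, a half-open connection still waiting for the final ACK.

# Constructed sample (columns after "st" trimmed; documentation address ranges).
SAMPLE='  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0500000A:0050 010200C0:9C40 03
   2: 0500000A:0050 076433C6:C001 03
   3: 0500000A:0050 097100CB:1F90 03
   4: 0500000A:01BB 010200C0:D431 03
   5: 0500000A:0050 010200C0:E2A4 01'

# Total number of half-open connections.
syn_recv_total() {
  awk '$4 == "03" { c++ } END { print c + 0 }'
}

# Half-open connections per local port as "<port> <count>", sorted by port.
syn_recv_by_port() {
  awk '$4 == "03" { split($2, a, ":"); n[a[2]]++ }
       END { for (p in n) print p, n[p] }' |
  while read -r hexport count; do
    printf '%d %d\n' "0x$hexport" "$count"   # hex port -> decimal
  done | sort -n
}

# Current values of the kernel settings relevant to SYN floods (read-only).
show_syn_settings() {
  for k in tcp_syncookies tcp_max_syn_backlog tcp_synack_retries; do
    f="/proc/sys/net/ipv4/$k"
    if [ -r "$f" ]; then printf 'net.ipv4.%s = %s\n' "$k" "$(cat "$f")"; fi
  done
  return 0
}

# On the live server:  syn_recv_by_port < /proc/net/tcp
# Enable SYN cookies (as root):  sysctl -w net.ipv4.tcp_syncookies=1
# Persist across reboots: add "net.ipv4.tcp_syncookies = 1" to /etc/sysctl.conf
printf '%s\n' "$SAMPLE" | syn_recv_by_port
show_syn_settings
```

A per-port count that stays close to the tcp_max_syn_backlog value means the half-open queue is being filled, which is the point at which filtering upstream of the server becomes necessary.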
