Seven Minute Server

Oct 16, 2019 - 1 minute read - security linux

SYN Floods and How to Stop 'Em

I was seeing a lot of request timeouts in my server logs, and did a quick netstat -anlp | more to see what was up.

SYN floods.

Doh! I never did anything to prevent them on my web server.

This was an A-number-one first thing I’d do back in the day. I mean, these were some of the basic settings I loaded into our launch scripts for HeyTell servers…but old age is what it is — I’d also neglected to disable Indexes in my Apache config. Yikes.

So, for my memory and yours: foiling SYN flooders is easy work. Here’s how you do it:

  1. Add the following lines to /etc/sysctl.conf:

    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_syn_backlog = 2048
    net.ipv4.tcp_synack_retries = 3
    
  2. Run sysctl -p to load the values.

Et voila, all done, see ya later, alligators.
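
To check that the three settings from step 1 are really in effect in the file, and to put a number on the SYN_RECV sockets that netstat shows, here is an added example that is not part of the original post. The function names are hypothetical; the config path and the netstat text are supplied by the caller.

```sh
# Added example: audit the SYN-flood settings and count half-open sockets.

# Print the effective value of KEY ($1) in a sysctl.conf-style FILE ($2).
# Handles comment lines, optional spaces around "=", and repeated keys
# (the last assignment wins).
conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Compare FILE ($1) with the values from step 1; print each key that is
# missing or different, and return 1 if any drift was found.
check_syn_settings() {
    rc=0
    for want in net.ipv4.tcp_syncookies=1 \
                net.ipv4.tcp_max_syn_backlog=2048 \
                net.ipv4.tcp_synack_retries=3; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(conf_value "$key" "$1")
        if [ "$actual" != "$expected" ]; then
            echo "$key: expected $expected, found ${actual:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Read `netstat -an` output on stdin and print "count remote_ip" for every
# remote address holding SYN_RECV sockets, busiest first.
count_syn_recv() {
    awk '$6 == "SYN_RECV" { ip = $5; sub(/:[0-9]+$/, "", ip); n[ip]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}
```

Run `check_syn_settings /etc/sysctl.conf` after editing the file, and `netstat -an | count_syn_recv` to see how the half-open connections are distributed. Source addresses in a SYN flood are often spoofed, so treat the per-address counts as a measure of volume rather than as a list of culprits.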