Seven Minute Server

Oct 16, 2019 - 1 minute read - security linux

SYN floods and how to stop 'em

I was seeing a lot of request timeouts in my server logs, and did a quick netstat -anlp |more to see what was up.

SYN floods.

Doh! I never did anything to prevent them on my web server.

This was an A-number-one first thing I’d do back in the day. I mean, these were some of the basic settings I loaded into our launch scripts for HeyTell servers…but old age is what it is — I’d also neglected to disable Indexes in my Apache config. Yikes.

So, for my memory and yours: foiling SYN flooders is easy work. Here’s how you do it:

  1. Add the following lines to /etc/sysctl.conf:

       net.ipv4.tcp_syncookies = 1
       net.ipv4.tcp_max_syn_backlog = 2048
       net.ipv4.tcp_synack_retries = 3

  2. Run sysctl -p to load the values.

Et voila, all done, see ya later, alligators.
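
To confirm the two steps above took hold, here is a small check script, added as an example and not part of the original post. The function names audit_sysctl and syn_recv_count and the --live switch are made up for this example; the three expected values are the ones listed in step 1.

```shell
#!/bin/sh
# Added example (not from the original post): verify the three SYN-flood
# settings and count half-open connections.

# Values from the post, as key=value with no spaces.
WANT='net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=3'

# audit_sysctl FILE
# Prints "ok KEY", "missing KEY" or "differs KEY have=X want=Y" for each
# setting; returns 0 only when all three match. The last assignment in the
# file wins, which is how sysctl -p applies duplicates.
audit_sysctl() {
    file=$1
    rc=0
    for pair in $WANT; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }                 # comment lines
            { name = $1; val = $2
              gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val) }
            name == k { v = val }
            END { print v }' "$file")
        if [ -z "$have" ]; then
            echo "missing $key"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "differs $key have=$have want=$want"; rc=1
        else
            echo "ok $key"
        fi
    done
    return $rc
}

# syn_recv_count: reads netstat -ant (or -anlp) output on stdin and prints
# the number of TCP sockets in SYN_RECV (handshake started, never completed).
syn_recv_count() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { n++ } END { print n + 0 }'
}

# Live use: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    audit_sysctl /etc/sysctl.conf
    netstat -ant | syn_recv_count
fi
```

The audit reads only the file it is given; to see what the running kernel actually has, compare against sysctl -n net.ipv4.tcp_syncookies and the other two keys.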