NoBIGTech Wiki Técnico

Protect your *nix server from SYN flooding

This are some basic anti-script-kiddie sysctl configurations to protect your server from SYN flooding

net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=3

You can apply this changes live without rebooting using sysctl, for example:

sysctl net.ipv4.conf.default.rp_filter=1

Source: https://serverfault.com/questions/459607/tune-linux-kernel-against-syn-flood-attack

NoBIGTech Wiki Técnico

User Tools

Site Tools

Protect your *nix server from SYN flooding

Page Tools