Syn flood help
Posted by MMrs, 04-14-2012, 07:55 AM |
Hi.
Some script kiddie is attacking my server with a SYN flood (a few times a day). I have a 1Gbps connection (not unmetered, but it is more than enough to handle that attack).
Problem: my server's limit for SYN_RECV state connections is 256 according to netstat, because during the DDoS this is the number of SYN_RECV state connections, and real clients cannot connect to the server using the TCP protocol. They attack port 80.
I am using Debian.
I am using Nginx.
I have syn_cookies enabled.
I increased tcp_max_syn_backlog to 2048.
Is there a way to increase that limit of SYN_RECV connections, or are there any other suggestions?
Thanks.
|
Posted by net, 04-14-2012, 07:58 AM |
Moved > Hosting Security and Technology.
|
Posted by brianoz, 04-15-2012, 08:02 AM |
SYN cookies are supposed to remove the need for a high SYN backlog, so something else may be going wrong.
|
Posted by Infinitnet, 04-15-2012, 08:36 AM |
|
Posted by MMrs, 04-15-2012, 11:03 AM |
It might have something to do with the firewall.
Also, I forgot to mention that they are probably using spoofed IP addresses.
|
Posted by pdqso, 04-15-2012, 11:36 AM |
nginx has IP limits with a built-in module. Check out their website for the configuration and submit a message to the mailing list, which gets responded to very quickly.
|
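Added example, not part of the original thread: a small shell calculation of how Linux kernels of that period sized a listening socket's SYN queue, showing where a figure like the 256 in the first post can come from. Assumptions not stated in the thread: the 2.6/3.x-era sizing rule written out in the comments, nginx's Linux default listen backlog of 511, and the old `net.core.somaxconn` default of 128; the `NGINX_BACKLOG` variable is a name made up for this script.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed sizing rule, as in 2.6/3.x-era
# Linux kernels:
#   n    = min(listen backlog, net.core.somaxconn, net.ipv4.tcp_max_syn_backlog)
#   n    = max(n, 8)
#   size = smallest power of two >= n + 1

# syn_queue_size LISTEN_BACKLOG SOMAXCONN TCP_MAX_SYN_BACKLOG
syn_queue_size() {
    sq_n=$1
    if [ "$2" -lt "$sq_n" ]; then sq_n=$2; fi
    if [ "$3" -lt "$sq_n" ]; then sq_n=$3; fi
    if [ "$sq_n" -lt 8 ]; then sq_n=8; fi
    sq_size=1
    while [ "$sq_size" -lt $((sq_n + 1)) ]; do
        sq_size=$((sq_size * 2))
    done
    echo "$sq_size"
}

# binding_limit LISTEN_BACKLOG SOMAXCONN TCP_MAX_SYN_BACKLOG
# Prints the name of the smallest input, i.e. the value that caps the queue.
binding_limit() {
    bl_name=listen_backlog
    bl_min=$1
    if [ "$2" -lt "$bl_min" ]; then bl_name=somaxconn; bl_min=$2; fi
    if [ "$3" -lt "$bl_min" ]; then bl_name=tcp_max_syn_backlog; fi
    echo "$bl_name"
}

# Read a sysctl value from /proc, or print the given default if unreadable.
read_sysctl() {
    if [ -r "$1" ]; then cat "$1"; else echo "$2"; fi
}

# Report for this host. The fallbacks are the assumed old defaults (128) and
# the 2048 the poster set; 511 is nginx's assumed default backlog on Linux.
backlog=${NGINX_BACKLOG:-511}
somaxconn=$(read_sysctl /proc/sys/net/core/somaxconn 128)
max_syn=$(read_sysctl /proc/sys/net/ipv4/tcp_max_syn_backlog 2048)
echo "listen backlog=$backlog somaxconn=$somaxconn tcp_max_syn_backlog=$max_syn"
echo "estimated SYN queue: $(syn_queue_size "$backlog" "$somaxconn" "$max_syn")"
echo "smallest limit: $(binding_limit "$backlog" "$somaxconn" "$max_syn")"
```

Under this rule, a backlog of 511 with `somaxconn` at 128 and `tcp_max_syn_backlog` at 2048 gives 256, and raising `tcp_max_syn_backlog` alone does not change the result. The two values to raise together would be `net.core.somaxconn` and the `backlog=` parameter of nginx's `listen` directive.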