Possible Duplicate:
SYN Flood Advice

Heyo,

Been dealing a lot with spoofed SYN floods lately. Are there any tips or tricks we could do to better survive them?

SYN cookies are already enabled.

Is there anything I could do on a TCP level? The attack itself is only ~100mbs but can eat through the CPU.

My ideas:

  • Dropping SYN packets that are not in a certain size range (what range?)
  • Modifying some Linux networking variables (window scaling?)

...and that's it. Are there any common ways to catch "most" spoofed SYN floods, or any tips and tricks to make them more survivable?

Mr Tired
  • Not a duplicate. Spoofed SYN is very different than SYN only – Mr Tired Sep 26 '12 at 19:29
  • They're _all_ spoofed. – Michael Hampton Sep 27 '12 at 01:30
  • Sorry, that is incorrect (obviously, a SYN packet is the first part of a TCP connection, and if every request was spoofed nobody would get a response). A spoofed SYN is different than an unspoofed SYN. If you have more questions please google "spoofed vs unspoofed" and it should show you some good data on how TCP connections work. – Mr Tired Sep 27 '12 at 04:22

0 Answers