Questions tagged [syn]

44 questions
1
vote
0 answers

SYNPROXY doesn't seem to be running

I have attempted to create iptables rules to prevent my server's connection limit from being filled up with incomplete SYN packets for which no ACK packet is returned by the client (SYN flood attack). I have read the [RFC 4987 TCP SYN Flooding Attacks…
I'm Root James
1
vote
1 answer

Azure Ubuntu VM: Is a connection to 168.63.129.16:80 mandatory for Basic DDOS protection?

Yesterday I noticed some suspicious activity when running netstat | grep http on my Azure Ubuntu VM: There were over 60 lines like this: tcp 0 0 ser:http hosted-by.blazing:29248 SYN_RECV tcp 0 0 ser:http …
v25
1
vote
1 answer

Slow SYN flood: preventing SYN amplification?

A (Linux) webserver I administer (on a VPS) for a low volume website has just been subjected to about 5 SYN requests/second on port 80, with no other traffic coming from the remote host. It was more of a drip than a flood, but it went on for…
1
vote
1 answer

Possible SYN flooding - Apache & Sphinx listened ports

I’ve been getting this message: possible SYN flooding. I already tweaked the "net.ipv4.tcp_max_syn_backlog" directive, but the issue persists and I cannot determine the reason. To be noted, this is not a DDoS situation, but a high level of traffic. I…
Thor
1
vote
1 answer

Multiple syn's packets before handshake?

I have a scenario: I'm analyzing SSL (decrypt) traffic to my webserver. I'm investigating server and end-to-end delay issues. In between this I'm stuck at the following traffic pattern, for which I need some advice/suggestion. The pattern shows:- client …
asad
1
vote
1 answer

TCP syn, ack Lost Before Entering IPsec VPN tunnel

I have configured a site to site VPN which is working fine as traffic is going through the tunnel. I am able to ping and Telnet hosts on the other network and they are able to ping me back. The problem I have is that when hosts on the other network…
Mundeez
1
vote
1 answer

No response to TCP SYN packet when padding is not 0's or F's

I have this client which initiates a 3 way handshake with a SYN packet but there is no SYN ACK response. We figured out that it was because the client did not pad the end of the TCP headers with 0's or F's but with other values (we used packet…
yan bellavance
1
vote
0 answers

How to block hping3 SYN ACK efficiently with iptables?

I'm trying to execute a TCP SYN flood on my Debian web server with nginx. Executing tcpdump "tcp[tcpflags] & (tcp-syn) != 0" while flooding, I see all packets coming. iptables seem to work well with SYN packets generated from raw socket, but not…
Franzz
1
vote
1 answer

No SYN/ACK answer from server

At first I describe my LAN organization. I have 2 Networks (scheme http://take.ms/s3CSy): 192.168.0.0 / 255.255.255.0, router ASUS RT-N65U with internal IP 192.168.0.1, static external IP without NAT: 1.2.3.4. Router running VPN PPTP server, VPN…
Aydar
1
vote
1 answer

Enabling syncookies in /proc not working

I'm trying to enable syncookies by echoing '1' in the /proc file like this: echo 1 > /proc/sys/net/ipv4/tcp_syncookies (I also tried it with quotes, without whitespace "1>/proc...") However after running this command, there is still a '0' in the…
1
vote
1 answer

Google Computer Engine Firewall and IpTables

I am very new to server administration and just discovered that I can use Google Compute Engine to host my website, similar to the way it works with Linode or Digital Ocean. I am unsure on the following questions related to firewall set-up with Google…
Neel
1
vote
2 answers

Incoming TCP SYNs possibilities

This might be a general TCP question. Can I receive TCP SYN packet on an ESTABLISHED connection OR a connection in TIME-WAIT state? Is this possible?
hari
1
vote
1 answer

Block SYN,ACK response with iptables

I have a virtual environment and I am making a SYN flood attack to an Ubuntu Server's port 53 using Kali 2020. I realized that a countermeasure for this attack is to limit or block the responses to the SYN packets, which are the SYN,ACK. But how can I…
user568948
0
votes
1 answer

Using different rate than the default 1/second in iptables

This code does its job perfectly in limiting SYN connections, but in line 4 instead of 1/s I need it to be 1/5 seconds. It's an assignment I'm working on that needs to protect against syn-flood attacks iptables -N syn_flood iptables -A INPUT -p tcp…
sylvain
0
votes
1 answer

iptables ... -j DROP appears to leave connections open?

So forgive me if this is a dumb question, I'm not much of a networking expert. A friend's server is being flooded by a certain IP, which is pretty obvious when looking at the output of tcptrace, as there are hundreds of connections with state…