Preventing SYN attacks

A SYN flood attack is a type of DoS attack.

A SYN packet notifies a server of a new connection. The server then reserves some memory to handle the incoming connection, sends back an acknowledgement, then waits for the client to complete the connection and start sending data. By spoofing large numbers of SYN requests, an attacker can fill up memory on the server, which will sit there waiting for more data that will never arrive. Once memory has filled up, the server will be unable to accept connections from legitimate clients. This effectively disables the server.

There are two simple methods you can use to discourage SYN attacks.

#1. Configure the /etc/sysctl.conf file and make sure it contains "net.ipv4.tcp_syncookies=1".

#2. Configure iptables to drop TCP packets that try to open a new connection without the SYN flag set.

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
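The following POSIX shell script is an added example and is not part of the original post. It puts the two steps above into reusable functions: a check that a sysctl.conf-style file really sets net.ipv4.tcp_syncookies to 1 (ignoring commented-out lines), a function that applies both mitigations on a live host (assumed to be run as root with sysctl and iptables available), and a small detection helper that counts half-open (SYN-RECV) connections per peer address so that a flood from one source stands out. The ss output embedded in the script is constructed sample data, not a capture from a real host; the addresses in it are documentation ranges.

```shell
#!/bin/sh
# Added example: check and apply the two SYN-flood mitigations from the post,
# and count half-open connections per peer from "ss -tan state syn-recv".

# Return 0 if FILE (sysctl.conf format) sets net.ipv4.tcp_syncookies to 1.
# Accepts "key=1" and "key = 1", skips commented-out lines, and lets the last
# uncommented assignment win, which is how sysctl itself reads the file.
syncookies_enabled_in_conf() {
    conf="$1"
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.tcp_syncookies[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$conf" | tail -n 1)
    [ "$val" = "1" ]
}

# Apply both mitigations on a live host. Assumes root, sysctl and iptables.
# The iptables rule is checked with -C first so repeated runs do not stack it.
# (Newer iptables prefer "-m conntrack --ctstate NEW"; the post's form is kept.)
apply_syn_hardening() {
    sysctl -w net.ipv4.tcp_syncookies=1
    if grep -q '^[[:space:]]*net\.ipv4\.tcp_syncookies' /etc/sysctl.conf 2>/dev/null; then
        sed -i 's/^[[:space:]]*net\.ipv4\.tcp_syncookies.*/net.ipv4.tcp_syncookies=1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf
    fi
    iptables -C INPUT -p tcp ! --syn -m state --state NEW -j DROP 2>/dev/null \
        || iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
}

# Read "ss -tan state syn-recv" output (header included) on stdin and print
# "count peer-address" lines, highest count first. The peer address:port is
# column 4; the port is stripped so that many spoofed source ports from one
# address are added together.
top_half_open_peers() {
    awk 'NR > 1 && NF >= 4 { peer = $4; sub(/:[^:]*$/, "", peer); c[peer]++ }
         END { for (p in c) print c[p], p }' | sort -rn
}

# Return 0 if any single peer holds more than THRESHOLD half-open connections.
any_peer_over_threshold() {
    threshold="$1"
    top_half_open_peers | awk -v t="$threshold" 'BEGIN { hit = 1 } $1 > t { hit = 0 } END { exit hit }'
}

# Constructed sample of "ss -tan state syn-recv" output (not a real capture):
# one peer holds four half-open connections, two others hold one each.
SAMPLE_SS_OUTPUT='Recv-Q Send-Q Local Address:Port Peer Address:Port
0      0      10.0.0.5:80        198.51.100.7:41001
0      0      10.0.0.5:80        198.51.100.7:41002
0      0      10.0.0.5:80        198.51.100.7:41003
0      0      10.0.0.5:80        198.51.100.7:41004
0      0      10.0.0.5:80        203.0.113.9:52211
0      0      10.0.0.5:443       192.0.2.33:60010'

# Offline demonstration on the sample. On a live host use instead:
#   ss -tan state syn-recv | top_half_open_peers
printf '%s\n' "$SAMPLE_SS_OUTPUT" | top_half_open_peers
```

Run the script as-is to see the per-peer counts for the sample; call apply_syn_hardening from a root shell to enable SYN cookies persistently and add the rule once. A large count for a single peer in SYN-RECV is the simplest sign that the memory described above is being reserved for connections that are never completed.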

Below is the screenshot from my machine.

