The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSF Issues / SYN Floods - Input Please

Discussion in 'Security' started by Bigstack14, Apr 3, 2013.

  1. Bigstack14

    Bigstack14 Member

    Joined:
    Nov 23, 2010
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Ok So over the past weeks my server has been getting pounded with SYN floods. At one point I saw a server load in the 6,600+ range in top.. (dont ask me how ssh was still working but it was slow as hell maybe nginx was helping)

    Anyway I have had no luck in blocking these attacks myself so im turning to the community for help. I will list and post up what I have done..

    I AM STUCK AT THIS POINT my server is online for 10 minutes then gets hit again. Any help would be AMAZING.

    For starters im on CentOS 5 64x ... and I run the NginxCP addon... and have the csf firewall installed below is what I have done.

    *side node would hardware ddos like cisco guard stop this?

    CSF config file.. Long so Ill attach it -> View attachment csf con.txt

    I also have made changes to the as its not as long as the CSF ill just post it (I added the bottom part)

    Code:
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
    # sysctl.conf(5) for more details.
    
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0
    
    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1
    
    # Do not accept source routing
    net.ipv4.conf.default.accept_source_route = 0
    
    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0
    
    # Controls whether core dumps will append the PID to the core filename
    # Useful for debugging multi-threaded applications
    kernel.core_uses_pid = 1
    
    # Controls the use of TCP syncookies
    net.ipv4.tcp_syncookies = 1
    
    # Controls the maximum size of a message, in bytes
    kernel.msgmnb = 65536
    
    # Controls the default maxmimum size of a mesage queue
    kernel.msgmax = 65536
    
    # Controls the maximum shared segment size, in bytes
    kernel.shmmax = 68719476736
    
    # Controls the maximum number of shared memory segments, in pages
    kernel.shmall = 4294967296
    
    # Custom Edits for hardening
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.tcp_fin_timeout = 15
    net.ipv4.tcp_keepalive_time = 1800
    net.ipv4.tcp_window_scaling = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.tcp_max_tw_buckets = 1440000
    
     
  2. caisc

    caisc Active Member

    Joined:
    Oct 5, 2011
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I never heard of load at levels - 6,600+
    Just curious to know your server config.
     
  3. gopkris2005

    gopkris2005 Well-Known Member

    Joined:
    Jan 9, 2007
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    INDIA
    cPanel Access Level:
    Root Administrator
    Twitter:
    1,In CSF firewall, there is option available to prevent SYN Floods attack. You have not enabled it. Please enable in CSF config SYNFLOOD = "1"
    2, disable ping in CSF firewall ICMP ICMP_IN = "0"
    3, You have open many ports in your server, try to disable unwanted ports in TCP_IN = , TCP_OUT =

    If possible, past last few lines of /var/log/messages
     
Loading...

Share This Page