Ok So over the past weeks my server has been getting pounded with SYN floods. At one point I saw a server load in the 6,600+ range in top.. (dont ask me how ssh was still working but it was slow as hell maybe nginx was helping)
Anyway I have had no luck in blocking these attacks myself so im turning to the community for help. I will list and post up what I have done..
I AM STUCK AT THIS POINT my server is online for 10 minutes then gets hit again. Any help would be AMAZING.
For starters im on CentOS 5 64x ... and I run the NginxCP addon... and have the csf firewall installed below is what I have done.
*side node would hardware ddos like cisco guard stop this?
CSF config file.. Long so Ill attach it -> View attachment csf con.txt
I also have made changes to the as its not as long as the CSF ill just post it (I added the bottom part)
Anyway I have had no luck in blocking these attacks myself so im turning to the community for help. I will list and post up what I have done..
I AM STUCK AT THIS POINT my server is online for 10 minutes then gets hit again. Any help would be AMAZING.
For starters im on CentOS 5 64x ... and I run the NginxCP addon... and have the csf firewall installed below is what I have done.
*side node would hardware ddos like cisco guard stop this?
CSF config file.. Long so Ill attach it -> View attachment csf con.txt
I also have made changes to the as its not as long as the CSF ill just post it (I added the bottom part)
Code:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# Custom Edits for hardening
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_window_scaling = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_max_tw_buckets = 1440000