CSF Issues / SYN Floods - Input Please

Bigstack14

Member
Nov 23, 2010
OK, so over the past weeks my server has been getting pounded with SYN floods. At one point I saw a server load in the 6,600+ range in top (don't ask me how SSH was still working, but it was slow as hell; maybe nginx was helping).

Anyway, I have had no luck in blocking these attacks myself, so I'm turning to the community for help. I will list and post up what I have done.

I AM STUCK AT THIS POINT: my server is online for 10 minutes, then gets hit again. Any help would be AMAZING.

For starters, I'm on CentOS 5 64x, and I run the NginxCP addon, and have the CSF firewall installed. Below is what I have done.

*Side note: would hardware DDoS like Cisco Guard stop this?

CSF config file. It's long, so I'll attach it -> View attachment csf con.txt

I also have made changes to the as it's not as long as the CSF I'll just post it (I added the bottom part)

Code:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maximum size of a message queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# Custom Edits for hardening
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_window_scaling = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_max_tw_buckets = 1440000
 

gopkris2005

Well-Known Member
Jan 9, 2007
India
cPanel Access Level
Root Administrator
1. In the CSF firewall, there is an option available to prevent SYN flood attacks. You have not enabled it. Please enable it in the CSF config: SYNFLOOD = "1"
2. Disable ping in the CSF firewall: ICMP_IN = "0"
3. You have opened many ports on your server; try to disable unwanted ports in TCP_IN = , TCP_OUT =

If possible, paste the last few lines of /var/log/messages
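
The three points in the reply above can be checked with a script before restarting CSF. This is an added example, not code from either poster or from the CSF project; the function names, the 15-port threshold and the sample config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: audit a csf.conf for the reply's three points.

# csf_get FILE KEY: print KEY's value (last assignment wins, quotes stripped)
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next                     # exact match: SYNFLOOD != SYNFLOOD_RATE
            val = substr($0, eq + 1)
            gsub(/^[ \t]*"|"[ \t]*$/, "", val)     # strip surrounding quotes
        }
        END { print val }' "$1"
}

# csf_count_ports FILE KEY: count ports in a list, expanding a:b ranges
csf_count_ports() {
    csf_get "$1" "$2" | awk -F, '{
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "") continue
            if (split($i, r, ":") == 2) n += r[2] - r[1] + 1
            else n++
        }
        print n }'
}

# csf_audit FILE [MAX_PORTS]: one line per finding; MAX_PORTS is an assumed threshold
csf_audit() {
    max=${2:-15}
    [ "$(csf_get "$1" SYNFLOOD)" = "1" ] || echo "SYNFLOOD is not 1: SYN rate limiting is off"
    [ "$(csf_get "$1" ICMP_IN)" = "0" ] || echo "ICMP_IN is not 0: inbound ping is allowed"
    n=$(csf_count_ports "$1" TCP_IN)
    [ "$n" -le "$max" ] || echo "TCP_IN opens $n ports (more than $max): review the list"
    return 0
}

# Constructed sample config (not the poster's attached csf.conf)
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077:2096,30000:35000"
ICMP_IN = "1"
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
EOF
csf_audit "$SAMPLE"
```

On a live server, call `csf_audit` with the path to the real csf.conf instead of the sample; the port range in `TCP_IN` is what pushes the sample count into the thousands.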