How to control sync attack.

mail2sacp

Well-Known Member
Feb 25, 2007
Hello,

We are facing the sync attack on our server.

We are getting the following logs when we run the netstat -n command.

tcp 0 0 OurIP:80 91.164.212.89:21078 SYN_RECV
tcp 0 0 OurIP:80 222.131.23.202:13982 SYN_RECV
tcp 0 0 OurIP:80 196.217.111.63:20440 SYN_RECV
tcp 0 0 OurIP:80 82.254.9.34:17726 SYN_RECV
tcp 0 0 OurIP:80 90.8.229.172:11373 SYN_RECV
tcp 0 0 OurIP:80 84.190.80.131:38875 SYN_RECV
tcp 0 0 OurIP:80 80.200.64.25:57977 SYN_RECV
tcp 0 0 OurIP:80 86.202.45.181:20654 SYN_RECV

Please let us know how we should control this.

Thanks
 

koolcards

Well-Known Member
Oct 8, 2003
Tampa, Fl
It's been a few years, but I used to add this to each machine's /etc/rc.d/rc.local so they would be in effect on each boot.
You can issue these commands via the command line to get them started, but the configuration will disappear on reboot unless added to the bootup sequence (rc.local).

# Shut off SYN attacks
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Stop DOS pings
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
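
An added example, not part of either post: a small shell check that counts half-open (SYN_RECV) connections per local port from `netstat -n` style output and reports whether the two settings above are currently active. The function names are hypothetical and the sample lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: summarise SYN_RECV entries and verify the kernel settings
# that the rc.local lines in the thread are meant to turn on.

# Constructed sample input, same column layout as the netstat -n lines above.
SAMPLE='tcp 0 0 192.0.2.10:80 198.51.100.7:21078 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.9:13982 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:20440 SYN_RECV
tcp 0 0 192.0.2.10:22 203.0.113.50:51000 ESTABLISHED
tcp 0 0 192.0.2.10:443 198.51.100.23:17726 SYN_RECV'

# syn_recv_by_port: read netstat -n lines on stdin and print
# "<local port> <half-open count> <distinct remote IPs>" for each port.
syn_recv_by_port() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             n = split($4, l, ":"); port = l[n]      # last field is the port
             ip = $5; sub(/:[0-9]+$/, "", ip)        # strip remote port
             count[port]++
             if (!((port, ip) in seen)) { seen[port, ip] = 1; srcs[port]++ }
         }
         END { for (p in count) print p, count[p], srcs[p] }' | sort -n
}

# sysctl_state: print the value of a /proc/sys entry, or "unknown" if unreadable.
sysctl_state() {
    if [ -r "$1" ]; then cat "$1"; else echo unknown; fi
}

# report: per-port summary of stdin plus the current state of both settings.
report() {
    echo "port half_open distinct_sources"
    syn_recv_by_port
    echo "tcp_syncookies=$(sysctl_state /proc/sys/net/ipv4/tcp_syncookies)"
    echo "icmp_echo_ignore_broadcasts=$(sysctl_state /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts)"
}

# Demo on the constructed sample; on a live host use: netstat -n | report
printf '%s\n' "$SAMPLE" | report
```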