The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to control sync attack.

Discussion in 'General Discussion' started by mail2sacp, Jul 28, 2007.

  1. mail2sacp

    mail2sacp Well-Known Member

    Joined:
    Feb 25, 2007
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    We are facing the sync attack on our server.

    we are getting following logs when we do netstat -n command.

    tcp 0 0 OurIP:80 91.164.212.89:21078 SYN_RECV
    tcp 0 0 OurIP:80 222.131.23.202:13982 SYN_RECV
    tcp 0 0 OurIP:80 196.217.111.63:20440 SYN_RECV
    tcp 0 0 OurIP:80 82.254.9.34:17726 SYN_RECV
    tcp 0 0 OurIP:80 90.8.229.172:11373 SYN_RECV
    tcp 0 0 OurIP:80 84.190.80.131:38875 SYN_RECV
    tcp 0 0 OurIP:80 80.200.64.25:57977 SYN_RECV
    tcp 0 0 OurIP:80 86.202.45.181:20654 SYN_RECV

    Please let us know how should we control this.

    Thanks
     
  2. koolcards

    koolcards Well-Known Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl
    It's been a few years but I used to add this to each machine's /etc/rc.d/rc.local so they would be in effect on each boot.
    You can issue these commands via command line to get them started but the configuration will disappear on reboot unless added to the bootup sequence (rc.local)

    #shut off syn attacks
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    # Stop DOS pings
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
     
Loading...

Share This Page