Categories: Hostripples Featured

How to stop syn attack on linux server

The SYN (TCP connection request) attack is a common denial of service (DoS) technique.

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession ofSYN requests to a target’s system

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:

  1. The client requests a connection by sending a SYN (synchronize) message to the server.
  2. The server acknowledges this request by sending SYN-ACK back to the client.
  3. The client responds with an ACK, and the connection is established.

How to check the SYN attack on  the server.

A quick and useful command for checking if a server is under ddos:
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs taking the most amounts of connections to a server. It is important to remember that ddos is becoming more sophisticated and they are using fewer connections with more attacking ips. If this is the case you will still get low number of connections even while you are under a DDOS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command will show the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply making the server wait for it to time out. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems. If the second command is over 100 you are having trouble with a syn attack.

Solution:

First go with

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

and then

Try with all these IPtables rule , there may other attacks too.

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP

then,

service iptables save
service iptables restart

it should resolve your issue.

Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.
View all posts
Tags: acknowledgesattackDDOSDoSNetworkServerSYNSYN attackSYN floodSYN-ACKsynchronizeTCP connectionTCP connection request
11 years ago
Leave a Comment

Recent Posts

What is a Call to Action in Marketing? Definition + Examples

In the world of digital marketing, getting attention is only half the battle. The real goal is to convince people…

7 days ago

Website Bandwidth: What it is and Why it Matters?

Introduction In today's digital world, understanding website bandwidth is essential for anyone running a website. Whether you own a blog,…

2 weeks ago

Will AI Replace Developers in the Future?

Artificial intelligence is changing the tech world at lightning speed. From automated chatbots to AI-generated applications, many people are now…

3 weeks ago

What is Bot Traffic? Easy Ways to Detect and Block It

Introduction to Bot Traffic Bot traffic refers to visits to a website that come from automated software programs rather than…

1 month ago

100+ Essential Windows Commands You Can’t Ignore

Windows may look like a point-and-click operating system, but under the hood, commands still do a lot of the heavy…

1 month ago

Resources