Linux - Prevent server from syn flood attack using tcp syncookies, What is SYN flood attack

Prevent server from SYN flood attack using tcp syncookies

TCP syncookies prevent attackers from blocking up your server by filling its list of pending connections. The feature works by using a clever algorithm and a little cryptography in the TCP sequence numbers. If you're using a fairly new version of Red Hat, you'll be pleased to know that TCP syncookies support is compiled into the kernel out of the box.

To check whether this functionality is enabled, run:
# cat /proc/sys/net/ipv4/tcp_syncookies
By default this is disabled. To enable it, type:
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
This setting will be reset if the system is rebooted.

To make the change permanent, edit /etc/sysctl.conf

# vi /etc/sysctl.conf

and add the line:

  net.ipv4.tcp_syncookies = 1

What is SYN flood attack?

It is a type of DoS attack. Tcp_syncookies would protect you from a SYN flood attack. In a SYN flood, an attacker sends many spoofed SYN packets to your server. Your server acknowledges each request to open a connection and sends back a SYN-ACK packet. Under normal conditions the client would send an ACK packet back to complete the handshake and establish a connection. However, as the source address is spoofed, the ACK packet never comes back, and your server has to keep a list of all the incomplete connections. There comes a time when the server cannot track any more incoming connections and stops accepting connections altogether.
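
The following is an added illustration, not code from the original post and not the Linux kernel's implementation: a simplified sketch in the classic SYN cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), showing how a server can put the state of a half-open connection into the sequence number of its SYN-ACK instead of into a list. The secret, MSS table, tick length, addresses and function names are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed values for illustration only.
SECRET = b"constructed-demo-secret"   # per-server key, never sent on the wire
MSS_TABLE = [216, 536, 1024, 1220, 1360, 1440, 1452, 1460]  # 3-bit index
TICK = 64                             # seconds per time-counter step

def _cookie(src, sport, dst, dport, client_isn, counter, mss_idx):
    """32 bits: 5-bit counter | 3-bit MSS index | 24-bit keyed hash."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    msg += struct.pack("!HHIqB", sport, dport, client_isn, counter, mss_idx)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]
    return ((counter % 32) << 27) | (mss_idx << 24) | int.from_bytes(mac, "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Sequence number for the SYN-ACK. Nothing is stored for this SYN."""
    # Largest table entry that does not exceed the client's advertised MSS.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return _cookie(src, sport, dst, dport, client_isn, int(now) // TICK, mss_idx)

def check_ack(src, sport, dst, dport, client_isn, ack_num, now):
    """Return the MSS if the final ACK echoes a valid, recent cookie, else None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF      # client acknowledges cookie + 1
    mss_idx = (cookie >> 24) & 0x7
    for age in (0, 1):                       # current or previous tick only
        counter = int(now) // TICK - age
        good = _cookie(src, sport, dst, dport, client_isn, counter, mss_idx)
        if hmac.compare_digest(cookie.to_bytes(4, "big"), good.to_bytes(4, "big")):
            return MSS_TABLE[mss_idx]        # only now is connection state created
    return None                              # forged or stale: drop, no state kept

if __name__ == "__main__":
    # Constructed handshake: documentation-range addresses, arbitrary ports.
    peer = ("198.51.100.7", 40000, "192.0.2.10", 443, 123456)
    isn = make_cookie(*peer, mss=1400, now=1_000_000)
    print("SYN-ACK sequence number:", isn)
    print("genuine ACK ->", check_ack(*peer, ack_num=isn + 1, now=1_000_010))
    print("stale ACK   ->", check_ack(*peer, ack_num=isn + 1, now=1_000_200))
```

A spoofed SYN costs the server one hash and one reply; memory is only committed when a returning ACK proves the sender can actually receive packets at the claimed address.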

The topic on Linux - Prevent server from syn flood attack using tcp syncookies is posted by - Honey


Tech Bluff