Hi All,
A SYN flood is an attack in which the attacker sends a succession of TCP SYN requests to a target system, trying to consume enough server resources (the half-open connection table) to make the system unresponsive to legitimate traffic.
Normally a client-server connection request runs like this (the TCP three-way handshake):
- The client requests a connection by sending a SYN (synchronize) message to the server.
- The server acknowledges this request by sending SYN-ACK back to the client.
- The client responds with an ACK, and the connection is established.
A SYN flood works by never sending that final ACK: the attacker sends a large number of SYNs, often from spoofed source addresses, and the server holds a half-open entry in its SYN backlog for each one until the backlog fills and new SYNs from legitimate clients are dropped.
This can be mitigated by a number of methods, such as:
- Filtering
- Increasing Backlog
- Reducing SYN-RECEIVED Timer
- Recycling the Oldest Half-Open TCP
- SYN Cache
- SYN cookies
- Hybrid Approaches
- Firewalls and Proxies
On Linux servers/nodes this attack can be mitigated with SYN cookies. With cookies enabled the kernel does not store state for a new SYN; instead it encodes the essential connection parameters into the sequence number of its SYN-ACK and rebuilds the state only when a valid ACK comes back, so a flood of SYNs that never complete costs no backlog entries. Note that Linux only starts sending cookies once the SYN backlog overflows, so the two settings below work together: the backlog absorbs normal bursts and cookies take over during a flood.
First, enable the SYN cookies mechanism on the server by running:
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Second, increase the backlog queue to 2048:
# sysctl -w net.ipv4.tcp_max_syn_backlog=2048
Both changes are runtime only and are lost at reboot; to keep them, add the two keys to /etc/sysctl.conf or a file under /etc/sysctl.d/ and reload with sysctl -p. Also keep in mind that on current kernels the SYN queue of a listening socket is bounded by the backlog the application passes to listen() and by net.core.somaxconn as well, so raising tcp_max_syn_backlog alone may not enlarge it. You can confirm that cookies are actually being used during an attack with netstat -s (look for the "SYN cookies sent" counter) and watch the number of half-open connections with ss -n state syn-recv.
That's it.
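The procedure above as a small POSIX shell script, added here as an example and not code from the original post. It applies the two settings, persists them in a sysctl.d drop-in, and adds two read-only checks (half-open connection count from ss output, SYN-cookies-sent counter from netstat -s output). The ROOT prefix, the drop-in file name 60-syn-flood.conf and the embedded sample outputs are assumptions made for this example; on a real host leave ROOT unset and run as root.

```shell
#!/bin/sh
# Added example (not from the original post). ROOT is a hypothetical prefix so
# the functions can be exercised against a scratch directory; leave it unset on
# a real host and run as root.

sys_file() {
    # $1 = path below /proc/sys, e.g. net/ipv4/tcp_syncookies
    printf '%s/proc/sys/%s' "${ROOT:-}" "$1"
}

# Write the runtime values (what the post's echo / sysctl -w lines do) and also
# drop them into sysctl.d so they survive a reboot; echo into /proc does not.
apply_syn_hardening() {
    backlog="${1:-2048}"
    echo 1 > "$(sys_file net/ipv4/tcp_syncookies)"
    echo "$backlog" > "$(sys_file net/ipv4/tcp_max_syn_backlog)"
    dropin="${ROOT:-}/etc/sysctl.d/60-syn-flood.conf"   # assumed file name
    mkdir -p "$(dirname "$dropin")"
    printf 'net.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_max_syn_backlog = %s\n' \
        "$backlog" > "$dropin"
}

# Succeeds only if cookies are enabled and the backlog is at least $1.
verify_syn_hardening() {
    want="${1:-2048}"
    cookies=$(cat "$(sys_file net/ipv4/tcp_syncookies)")
    backlog=$(cat "$(sys_file net/ipv4/tcp_max_syn_backlog)")
    [ "$cookies" -eq 1 ] && [ "$backlog" -ge "$want" ]
}

# Count half-open connections from `ss -n state syn-recv` output on stdin
# (first line is the column header). A large, climbing number is the symptom
# of a flood in progress.
count_half_open() {
    awk 'NR > 1 && NF { n++ } END { print n + 0 }'
}

# Pull the "SYN cookies sent" counter out of `netstat -s` output on stdin.
# Cookies are only sent once the SYN queue overflows, so a rising value here
# means the backlog was exhausted and the cookie fallback is doing the work.
syncookies_sent() {
    awk '/SYN cookies sent/ { print $1; found = 1 } END { if (!found) print 0 }'
}

# Constructed sample outputs (not captured from a real host) for offline runs.
SAMPLE_SS='Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
0      0      10.0.0.5:443        198.51.100.7:51234
0      0      10.0.0.5:443        198.51.100.9:40001
0      0      10.0.0.5:443        198.51.100.23:60111'
SAMPLE_NETSTAT='TcpExt:
    1837 SYN cookies sent
    1790 SYN cookies received
    5 invalid SYN cookies received'

# Typical use on a real host (as root):
#   sh syn-hardening.sh apply 2048
#   ss -n state syn-recv | sh syn-hardening.sh half-open
#   netstat -s | sh syn-hardening.sh cookies
#   sh syn-hardening.sh demo        # runs the checks on the samples above
case "${1:-}" in
    apply)     apply_syn_hardening "${2:-2048}" && verify_syn_hardening "${2:-2048}" ;;
    half-open) count_half_open ;;
    cookies)   syncookies_sent ;;
    demo)      printf '%s\n' "$SAMPLE_SS" | count_half_open
               printf '%s\n' "$SAMPLE_NETSTAT" | syncookies_sent ;;
esac
```

The verify step matters because tcp_max_syn_backlog is silently capped by other limits; reading the values back after applying them catches a typo or a read-only /proc in a container, and the two check functions give you a baseline to compare against once you suspect a flood.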