
Author Topic: How to prevent SYN attack  (Read 2080 times)


mohitht

  • Guest
How to prevent SYN attack
« on: January 30, 2014, 10:08:02 pm »
    Hi All,

    A SYN attack is one in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.


Normally the client-server requests run like this:
  • The client requests a connection by sending a SYN (synchronize) message to the server.
  • The server acknowledges this request by sending SYN-ACK back to the client.
  • The client responds with an ACK, and the connection is established.

A SYN flood attack works by not responding to the server with the expected ACK code.


This can be avoided by using different methods, as follows:

  • Filtering
  • Increasing Backlog
  • Reducing SYN-RECEIVED Timer
  • Recycling the Oldest Half-Open TCP
  • SYN Cache
  • SYN cookies
  • Hybrid Approaches
  • Firewalls and Proxies


On Linux servers/nodes this attack can be prevented with SYN cookies.


First we need to enable the SYN cookies mechanism on the server by executing the command:

# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Secondly, we need to increase the backlog queue to 2048 with the command:

# sysctl -w net.ipv4.tcp_max_syn_backlog=2048




That's It :)
Thanks for Your Time  :)
« Last Edit: January 30, 2014, 10:09:51 pm by Mohith Tom »
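
As an added example (not part of the original post), this shell sketch audits the two settings the post changes and counts half-open (SYN_RECV, state `03`) sockets in `/proc/net/tcp` format. The function names, the proc-root argument and the sample tree are assumptions made for illustration; the sample data is constructed so the script runs without root.

```shell
#!/bin/sh
# Added example: audit tcp_syncookies / tcp_max_syn_backlog and count
# half-open sockets. The <proc_root> argument is an assumption of this sketch
# so it can run against a constructed tree; on a real host pass /proc.

read_sysctl() {  # read_sysctl <proc_root> <dotted.key> -> prints the value
    cat "$1/sys/$(printf '%s' "$2" | tr . /)"
}

count_syn_recv() {  # count_syn_recv <proc_root> -> number of state-03 rows
    awk 'NR > 1 && $4 == "03" { n++ } END { print n + 0 }' "$1/net/tcp"
}

audit_syn_settings() {  # audit_syn_settings <proc_root> [min_backlog]
    root=$1; min=${2:-2048}; rc=0
    cookies=$(read_sysctl "$root" net.ipv4.tcp_syncookies)
    backlog=$(read_sysctl "$root" net.ipv4.tcp_max_syn_backlog)
    if [ "$cookies" -ge 1 ]; then echo "OK   tcp_syncookies=$cookies"
    else echo "WEAK tcp_syncookies=$cookies (SYN cookies disabled)"; rc=1; fi
    if [ "$backlog" -ge "$min" ]; then echo "OK   tcp_max_syn_backlog=$backlog"
    else echo "WEAK tcp_max_syn_backlog=$backlog (below $min)"; rc=1; fi
    echo "INFO half-open (SYN_RECV) sockets: $(count_syn_recv "$root")"
    return $rc
}

make_sample() {  # make_sample <cookies> <backlog> -> prints path of a constructed tree
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4" "$d/net"
    echo "$1" > "$d/sys/net/ipv4/tcp_syncookies"
    echo "$2" > "$d/sys/net/ipv4/tcp_max_syn_backlog"
    # Constructed rows: one listener (0A), two SYN_RECV (03), one established (01).
    cat > "$d/net/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:0050 0A000014:C001 03 00000000:00000000 01:00000064 00000001     0        0 0
   2: 0A00000A:0050 0A000015:C002 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 0A00000A:0050 0A000016:C003 01 00000000:00000000 00:00000000 00000000    33        0 1002
EOF
    echo "$d"
}

# Demo on a constructed "before" state: cookies off, small backlog.
sample=$(make_sample 0 128)
audit_syn_settings "$sample" || echo "=> apply the two commands from the post"
rm -rf "$sample"
```

On a real Linux host, run `audit_syn_settings /proc`. Values set with `echo` or `sysctl -w` do not survive a reboot unless they are also written to `/etc/sysctl.conf`.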