I would use a firewall at the network perimeter to prevent/remediate SYN flood attacks (as well as DoS, DDoS, spoofing, port probes, address space probes, etc.). I don't want this type of stuff getting into my internal network, where I'll have to deal with it on a machine-by-machine basis.


Since I am not an expert in iptables, I generally let one of two firewalls handle this for me. Both APF and CSF are great firewalls when it comes to protection from SYN attacks, as well as a multitude of other ways folks can attack your server.

I do not know your specific configuration, but I have used both of the said firewalls on "general" cPanel/DirectAdmin/Plesk servers as well as some with custom services, and they work great once you allow the right ports.

Separately, you may wish to turn on SYN cookies, which help mitigate attacks where SYN is left open. Both of the above scripts have this as an option.
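
Added example (not part of the answers above, and not code from APF or CSF): a small shell audit for the SYN cookie advice, which reads the effective setting from sysctl.conf-style text and counts half-open connections per listener from `ss -tan` style output. It assumes the Linux sysctl key `net.ipv4.tcp_syncookies` and the default `ss -tan` column order; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed inputs, not taken from the original thread.

# Print the effective net.ipv4.tcp_syncookies value from sysctl.conf-style
# text on stdin (last assignment wins), or "unset" if it never appears.
syncookies_value() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            line = $0
            gsub(/[ \t]/, "", line)            # "key = 1" -> "key=1"
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            gsub("/", ".", key)                # sysctl also accepts a/b/c keys
            if (key == "net.ipv4.tcp_syncookies") val = substr(line, n + 1)
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# Count half-open connections (state SYN-RECV) per local address:port in
# `ss -tan` style output on stdin; print "count local" lines, busiest first.
half_open_by_listener() {
    awk '$1 == "SYN-RECV" { c[$4]++ } END { for (k in c) print c[k], k }' |
        sort -rn
}

# Constructed sample data (documentation address ranges only).
SAMPLE_CONF='# hardening
net.ipv4.tcp_syncookies = 0
; legacy line
net/ipv4/tcp_syncookies=1
net.ipv4.ip_forward = 0'

SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:80       198.51.100.9:51876
SYN-RECV  0      0      192.0.2.10:443      203.0.113.5:33010
ESTAB     0      0      192.0.2.10:22       203.0.113.20:50222'

printf '%s\n' "$SAMPLE_CONF" | syncookies_value
printf '%s\n' "$SAMPLE_SS" | half_open_by_listener
```

On a live host the same functions can be fed from `/etc/sysctl.conf` and from `ss -tan`; a steadily growing SYN-RECV count on one listener while the setting reads `0` or `unset` is the situation the answer's advice addresses.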