Drop Sync/DDOS Attack


Good info on tuning sysctl conf for syn

ServerAdminz Linux Blog

1. Find.. to which IP address in the server is targeted by the ddos attack

netstat -plan  | grep  :80 | awk ‘{print $4}’ | cut -d: -f1 |sort |uniq -c

2. Find… from which IPs, the attack is coming

netstat -plan  | grep  :80 | awk ‘{print $5}’ | cut -d: -f1 |sort |uniq -c

In csf:

vi /etc/csf/csf.conf

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like
SYNFLOOD_RATE = “5/s”
SYNFLOOD_BURST = “3”
my eg:
SYNFLOOD = “1”
SYNFLOOD_RATE = “30/s”
SYNFLOOD_BURST = “10”

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit…

View original post 446 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s