The TCP Syn is DoS (Denial of Service) attack. It consumes resources on your Linux server. The attacker begin with the TCP connection handshake sending the SYN packet, and then never completing the process to open the connection. This results into massive half-open connections. The Linux kernel can block such attacks easily.
See the current settings
Use sysctl command to configure or see kernel parameters at runtime. To see the current settings for net.ipv4.tcp_syncookies kernel parameter, enter:
# sysctl -n net.ipv4.tcp_syncookies
OR
# cat /proc/sys/net/ipv4/tcp_syncookies
Sample outputs:
Enable TCP SYN cookie protection
Edit the file /etc/sysctl.conf, run:
# vi /etc/sysctl.conf
Append the following entry:
net.ipv4.tcp_syncookies = 1 |
Save and close the file. To reload the change, type:
# sysctl -p
Recommended readings
- How to set advanced security options of the TCP/IP stack and virtual memory to improve security and performance of your Linux based system.
- Twenty Linux server hardening security tips
- Linux firewall tutorial and shorewall firewall tutorial for more information.
4 comment
What’s the positive and negative aspects of this command? I’m interested what exactly the setting does do :)
this will create a timeout to drop this open connections. preventing a syn flood attack.
regards
When i run command
netstat -an | grep :80 | grep -i syn | wc -l
I see more than 250 connections, that cause Apache timeout error, is this a fix for this?
I did like shown in this post, but i can not check will it work because attack passed….
HELLO,
What this person described above is NOT CORRECT!
This person showed both of these commands;
sysctl -n net.ipv4.tcp_syncookies
cat /proc/sys/net/ipv4/tcp_syncookies
If you NOTICED they have 1 showing, that means it’s ENABLED, so you don’t need to do anything, which they did not explain!
ONLY do; net.ipv4.tcp_syncookies = 1 if you don’t get a 1 in the cmds!