I am under DoS attack. My cloud based server hosting company asked me to enable TCP SYN cookie protection to save my domain from SYN Attack. How do I turn on TCP Syn cookie protection under Ubuntu or CentOS Linux based server?
The TCP Syn is DoS (Denial of Service) attack. It consumes resources on your Linux server. The attacker begin with the TCP connection handshake sending the SYN packet, and then never completing the process to open the connection. This results into massive half-open connections. The Linux kernel can block such attacks easily.
See the current settings
Use sysctl command to configure or see kernel parameters at runtime. To see the current settings for net.ipv4.tcp_syncookies kernel parameter, enter:
# sysctl -n net.ipv4.tcp_syncookies
# cat /proc/sys/net/ipv4/tcp_syncookies
Enable TCP SYN cookie protection
Edit the file /etc/sysctl.conf, run:
# vi /etc/sysctl.conf
Append the following entry:
net.ipv4.tcp_syncookies = 1
Save and close the file. To reload the change, type:
# sysctl -p