sysctl -a | grep _syn
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5
tcp_max_syn_backlog is the length of the SYN queue; increasing it lets the kernel hold more half-open connections that are waiting to complete the handshake. tcp_syncookies is a switch that turns the SYN cookie mechanism on or off, which can defeat some SYN attacks. tcp_synack_retries and tcp_syn_retries set how many times a SYN-ACK or SYN is retransmitted; lowering them from the defaults makes half-open connections expire sooner, so as few pending SYN connections as possible are kept around.
ulimit -HSn 65535
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_syn_retries=2
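As an added check that is not part of the original article, the following POSIX shell script audits the four SYN-related sysctl keys against the hardened values above and prints the `sysctl -w` command for every key that is still weaker than recommended. It reads "key = value" text on stdin (the format of `sysctl -a | grep _syn`) and ships with a constructed sample of the default values shown at the top of the article.

```shell
#!/bin/sh
# Added example (not from the original article): audit the SYN-related
# sysctl keys the article tunes and print a remediation command for each
# key still at a weaker setting. Input: "key = value" lines on stdin.

BACKLOG_MIN=2048    # tcp_max_syn_backlog: at least this (article sets 2048)
RETRIES_MAX=2       # tcp_synack_retries / tcp_syn_retries: at most this

# syn_audit: print one "sysctl -w" line per weak setting, then a summary
# line "# findings: N". Unknown keys and malformed lines are ignored.
syn_audit() {
    findings=0
    while read -r key eq value; do
        [ "$eq" = "=" ] || continue                  # not a "key = value" line
        case $value in *[!0-9]*|'') continue ;; esac # only integer values
        want=
        case $key in
            net.ipv4.tcp_max_syn_backlog)
                [ "$value" -ge "$BACKLOG_MIN" ] || want=$BACKLOG_MIN ;;
            net.ipv4.tcp_syncookies)
                [ "$value" -ge 1 ] || want=1 ;;      # 0 means SYN cookies off
            net.ipv4.tcp_synack_retries|net.ipv4.tcp_syn_retries)
                [ "$value" -le "$RETRIES_MAX" ] || want=$RETRIES_MAX ;;
            *) continue ;;
        esac
        if [ -n "$want" ]; then
            echo "sysctl -w $key=$want    # currently $value"
            findings=$((findings + 1))
        fi
    done
    echo "# findings: $findings"
}

# Constructed sample: the default values quoted at the top of the article.
SAMPLE_DEFAULTS='net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5'

# Runs against the sample when executed directly; on a live host use:
#   sysctl -a 2>/dev/null | grep _syn | syn_audit
printf '%s\n' "$SAMPLE_DEFAULTS" | syn_audit
```

Against the sample it reports three findings (backlog, synack_retries, syn_retries) and leaves tcp_syncookies alone, since it is already on.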
# SYN flood (--limit 1/s caps accepted new SYNs at one per second)
iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Against port scans
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Against ping floods
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Note: these rules only ACCEPT packets within the limit; packets over the
# limit fall through to the chain's default policy (or later rules), so the
# policy or a following rule must DROP them for the rate limit to take effect.
Finally, don't forget to add the ulimit, sysctl -w and iptables commands above to /etc/rc.d/rc.local so they are reapplied at boot.