What is SYN Attack?


Postby hrdedicated » Sat Jun 01, 2013 11:55 am

SYN Attack:

Introduction:

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system. Some systems can misdetect a SYN flood when being scanned for open proxies, as is commonly done by IRC servers and services. These are not SYN floods, merely an automated system designed to check the connecting IP.

To protect against SYN attacks, add the following iptables rules on the server.

Steps:

1. Log in to the server as root

2. Then edit: vi /etc/sysconfig/iptables

3. Add the following rules at the end (Esc+Shift+G)

#Protect from SYN Attack

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --sport 1024:65535 --dport 20 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT



4. Then save the iptables configuration using the command:

#service iptables save



5. Then restart iptables service:

#service iptables restart
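
What the seven --tcp-flags DROP rules above match, as an added example that is not part of the original post: a small Python model of the iptables "--tcp-flags MASK COMP" test (look only at the flags in MASK; match when exactly those in COMP are set), run over constructed sample packets. The function names and sample packets are assumptions made for illustration; the interface and port ACCEPT rules are not modelled.

```python
"""Model of iptables' --tcp-flags MASK COMP match for the post's DROP rules."""

ALL = frozenset({"SYN", "ACK", "FIN", "RST", "URG", "PSH"})

def parse_flags(spec):
    """Turn 'SYN,FIN', 'ALL' or 'NONE' into a set of flag names."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return frozenset()
    flags = frozenset(spec.split(","))
    if flags - ALL:
        raise ValueError(f"unknown TCP flag(s): {sorted(flags - ALL)}")
    return flags

def tcp_flags_match(mask, comp, packet_flags):
    """True when, among the flags in MASK, exactly those in COMP are set."""
    return (parse_flags(packet_flags) & parse_flags(mask)) == parse_flags(comp)

# (mask, comp) pairs copied from the post's seven DROP rules, in order.
DROP_RULES = [
    ("ALL", "NONE"), ("SYN,FIN", "SYN,FIN"), ("SYN,RST", "SYN,RST"),
    ("FIN,RST", "FIN,RST"), ("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"),
    ("ACK,URG", "URG"),
]

def first_drop_rule(packet_flags):
    """Return the 1-based index of the first matching DROP rule, or None."""
    for index, (mask, comp) in enumerate(DROP_RULES, start=1):
        if tcp_flags_match(mask, comp, packet_flags):
            return index
    return None

# Constructed sample packets: label -> flags set in the TCP header.
SAMPLES = {
    "plain SYN (new connection)": "SYN",
    "ACK+PSH (normal data)": "ACK,PSH",
    "ACK+FIN (normal close)": "ACK,FIN",
    "null packet (no flags)": "NONE",
    "SYN+FIN": "SYN,FIN",
    "FIN without ACK": "FIN",
}

if __name__ == "__main__":
    for label, flags in SAMPLES.items():
        rule = first_drop_rule(flags)
        verdict = f"DROP by rule {rule}" if rule else "not matched by rules 1-7"
        print(f"{label:28} -> {verdict}")
```

A packet carrying only SYN matches none of the seven rules: they discard malformed flag combinations, and ordinary connection attempts fall through to the rest of the ruleset.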
