The /proc/sys/net/ipv4/tcp_syncookies setting prevents SYN Flooding DoS attacks. The attack is carried out with the SYN packets of the TCP three-way handshake, which is why it is called SYN Flooding. We can enable the kernel's SYN Cookie module to defend against it. The module can start automatically when the system's random connection ports (1024:65535) are about to run out.

When SYN Cookie is active, before the host sends the SYN/ACK validation packet, the client is required to reply with a sequence number within a short time. This sequence number carries much of the information in the original SYN packet, including the IP and port. If the client replies with the correct sequence number, the host treats the packet as trusted and sends the SYN/ACK packet; otherwise it ignores the packet. This mechanism greatly reduces the number of ports left waiting on invalid SYNs and so avoids SYN Flooding DoS attacks:

    # echo "1" > /proc/sys/net/ipv4/tcp_syncookies

This setting violates TCP's three-way handshake (because the host has to wait for the client before sending SYN/ACK), so some services, such as SMTP (mail server), may be delayed. In general the setting is good, but it is not suitable for heavily loaded servers: on a host whose load is too high, the kernel may sometimes misjudge the situation as a SYN Flooding attack.

The kernel has two settings for cancelling ping responses: /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts and /proc/sys/net/ipv4/icmp_echo_ignore_all.
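
A simplified model of the SYN Cookie check described above, as an added example that is not from the original page or from the Linux kernel: the host derives a sequence number from the SYN's IP addresses and ports, keeps no per-connection state, and accepts the client only if its reply acknowledges that number. The HMAC-SHA256 construction, the 8-bit time counter, the function names and the sample addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"  # constructed value; a real stack uses a random key
COUNTER_BITS = 8                     # assumption: top 8 bits hold a coarse time counter
SHIFT = 32 - COUNTER_BITS
MAC_MASK = (1 << SHIFT) - 1


def _mac(src_ip, src_port, dst_ip, dst_port, client_isn, counter):
    """Keyed hash over the 4-tuple, the client's initial sequence number and the counter."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHII", src_port, dst_port, client_isn, counter))
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MAC_MASK


def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, counter):
    """32-bit sequence number derived from the SYN; nothing is stored on the host."""
    counter &= (1 << COUNTER_BITS) - 1
    return (counter << SHIFT) | _mac(src_ip, src_port, dst_ip, dst_port, client_isn, counter)


def check_reply(src_ip, src_port, dst_ip, dst_port, client_seq, ack_num,
                now_counter, max_age=2):
    """Accept the reply only if it acknowledges a fresh cookie for this exact 4-tuple."""
    cookie = (ack_num - 1) & 0xFFFFFFFF         # the reply acknowledges cookie + 1
    client_isn = (client_seq - 1) & 0xFFFFFFFF  # the reply's seq is the SYN's ISN + 1
    counter = cookie >> SHIFT
    age = (now_counter - counter) & ((1 << COUNTER_BITS) - 1)
    if age > max_age:
        return False                            # cookie is too old to honour
    expected = make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, counter)
    return hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big"))


if __name__ == "__main__":
    # Constructed sample: a client in a documentation range connecting to an SMTP port.
    c = make_cookie("198.51.100.7", 40000, "192.0.2.10", 25, 1000, counter=5)
    print("genuine reply :", check_reply("198.51.100.7", 40000, "192.0.2.10", 25, 1001, c + 1, 5))
    print("other source  :", check_reply("203.0.113.9", 40000, "192.0.2.10", 25, 1001, c + 1, 5))
    print("stale cookie  :", check_reply("198.51.100.7", 40000, "192.0.2.10", 25, 1001, c + 1, 9))
```
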