A Linux SYN attack is a type of hacker attack. Dealing with and reducing such attacks is an important task for system administrators. How can we do this well? I hope this article gives you some inspiration, so that you can defend against Linux SYN attacks more easily in your future work.
Virtual hosting providers may be attacked by hackers during operation. Common attacks include SYN floods and DDoS attacks. By changing the IP address it is possible to isolate the attacked site and sidestep the attack, but the service interruption lasts a long time. A thorough solution is to add a hardware firewall, but hardware firewalls are expensive. You can instead consider using the firewall functions provided by the Linux system to defend against attacks.
A SYN flood abuses the three-way handshake of the TCP/IP protocol: the attacker sends a large number of connection-establishing packets but never completes the connections, until the network queue of the attacked server is full and normal users can no longer connect.
The Linux kernel provides several SYN-related settings. Run the following command: sysctl -a | grep syn

net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5
tcp_max_syn_backlog is the length of the SYN queue; tcp_syncookies controls whether the SYN cookie function is enabled, which can prevent some SYN attacks; tcp_synack_retries and tcp_syn_retries define the number of SYN retries. Increasing the SYN queue length lets the server hold more half-open connections waiting to complete. Enabling SYN cookies prevents some SYN attacks, and the retry counts can be reduced.
To adjust the preceding settings, follow these steps:

Increase the SYN queue length to 2048:

sysctl -w net.ipv4.tcp_max_syn_backlog=2048

Enable the SYN cookie function:

sysctl -w net.ipv4.tcp_syncookies=1

Reduce the number of retries:

sysctl -w net.ipv4.tcp_synack_retries=3
sysctl -w net.ipv4.tcp_syn_retries=3

To keep the preceding configuration across system restarts, add the preceding commands to the /etc/rc.d/rc.local file.
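As an added check that is not part of the original article, the POSIX shell function below reads the four SYN-related sysctl values discussed above from the kernel's /proc/sys/net/ipv4 tree and reports which ones are still at the weak defaults shown earlier; the optional directory argument is an assumption added so the audit can be pointed at a test copy of those files.

```shell
#!/bin/sh
# Added example (not from the original article): audit the four SYN-related
# kernel settings against the values the article recommends.
# Usage after sourcing:  audit_syn_settings            # live host
#                        audit_syn_settings /some/dir  # test copy of the files

# read_knob DIR NAME: print the contents of DIR/NAME, or "missing" if unreadable.
read_knob() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo missing
    fi
}

# check_knob DIR NAME OP LIMIT: OK when "value OP LIMIT" holds (-ge, -le, -eq).
# A non-numeric or missing value is reported as WEAK rather than crashing.
check_knob() {
    val=$(read_knob "$1" "$2")
    if [ "$val" != missing ] && [ "$val" "$3" "$4" ] 2>/dev/null; then
        echo "OK   $2=$val"
        return 0
    fi
    echo "WEAK $2=$val (want $3 $4)"
    return 1
}

# audit_syn_settings [DIR]: one line per setting; the return value is the
# number of settings that still need adjusting (0 means all four are hardened).
audit_syn_settings() {
    dir="${1:-/proc/sys/net/ipv4}"
    weak=0
    check_knob "$dir" tcp_max_syn_backlog -ge 2048 || weak=$((weak + 1))
    check_knob "$dir" tcp_syncookies      -eq 1    || weak=$((weak + 1))
    check_knob "$dir" tcp_synack_retries  -le 3    || weak=$((weak + 1))
    check_knob "$dir" tcp_syn_retries     -le 3    || weak=$((weak + 1))
    return "$weak"
}
```

Running it before and after applying the sysctl commands above shows directly whether the change took effect, and running it after a reboot shows whether the rc.local persistence worked.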
Prevent SYN packet flooding (SYN flood):

# iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

Some people write it on the INPUT chain instead:

# iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT

--limit 1/s limits the accepted SYN packets to one per second and can be adjusted as needed. Note that this rule only accepts packets within the limit; for it to have any effect, a following rule must drop the SYN packets that exceed the limit, otherwise they fall through to the chain's default policy.
Prevent various port scans:

# iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

(--tcp-flags takes two arguments, the mask of flags to examine and the flags that must be set; the commonly used form above matches packets in which only RST is set among SYN, ACK, FIN and RST.)
Prevent ping flood attacks (Ping of Death):

# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
With these settings in place, the Linux SYN attack problem can be handled.