SYN attack defense in Linux

If you suspect a Dos attack in Linux, you can enter netstat-angrep-I "server IP address: 80 "awk'' {print} 'sortuniq-csort-nnetstat-angrepSYNwc-l this command will automatically count the number of Tcp connections in various states, if SYN_RECV is very high

If you suspect a Dos attack in Linux, you can enter

Netstat-an grep-I "server IP Address: 80" awk ''{print} 'sort uniq-c sort-n

Netstat-an grep "SYN" wc-l

This command will automatically count the number of Tcp connections in various states. if SYN_RECV is high, the possibility of tcp-based ddos attacks cannot be ruled out. in this case, you can enable tcp_syncookies and enter the following command

Echo 1>/proc/sys/net/ipv4/tcp_syncookies

If no/proc/sys/net/ipv4/tcp_syncookies are available, your kernel is not supported and you need to recompile the kernel.

At the same time, the number of syn retries is reduced.

Echo 1>/proc/sys/net/ipv4/tcp_syn_retries

Echo 1>/proc/sys/net/ipv4/tcp_synack_retries

Increase syn_backlog to ensure user access (memory consumption, too high ..)

Echo "2048">/proc/sys/net/ipv4/tcp_max_syn_backlog

If it still does not work, it can only be handed over to the corresponding hardware firewall.