SYN Flood Defenses
• Critical servers should have adequate network bandwidth and redundant paths
• Use two different ISPs for Internet connectivity
• Install a traffic shaper to limit the number of SYN packets
• Increase the size of the connection queue, or lower the timeout for completing a half-open connection
  – http://www.nationwide.net/~aleph1/FAQ
• Use SYN cookies on Linux systems
  – A value calculated from the source and destination IP addresses, port numbers, time, and a secret number
  – The calculated SYN cookie is loaded into the ISN (initial sequence number) of the SYN-ACK response
  – Because the cookie can be recomputed when the final ACK arrives, there is no need to keep half-open connections on the connection queue
  – Activated via "echo 1 > /proc/sys/net/ipv4/tcp_syncookies"
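The SYN-cookie mechanism described above, as an added example (not from these slides or from the Linux kernel): a Bernstein-style cookie packs a time counter, an MSS index and a keyed hash of the 4-tuple into the SYN-ACK's ISN, and the server recomputes it from the client's final ACK without having stored any half-open state. The secret, MSS table and counter values are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed secret for this example only; a real kernel draws it randomly at boot
SECRET = b"constructed-example-secret"
# Small MSS table addressed by the 3 MSS bits of the cookie (simplified)
MSS_TABLE = [536, 1300, 1440, 1460]


def _hash24(saddr, daddr, sport, dport, counter):
    """24-bit keyed hash over the 4-tuple and the coarse time counter."""
    msg = struct.pack("!4s4sHHI", saddr, daddr, sport, dport, counter)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(saddr, daddr, sport, dport, mss, counter):
    """Build the 32-bit ISN placed in the SYN-ACK.
    Layout: top 5 bits = counter mod 32, next 3 bits = MSS index, low 24 bits = hash.
    Nothing about this SYN is stored on the server: the cookie is the only state."""
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss)
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | _hash24(saddr, daddr, sport, dport, counter)


def check_cookie(saddr, daddr, sport, dport, ack_num, counter, max_age=1):
    """Validate the handshake's final ACK, which acknowledges ISN + 1.
    Returns the MSS recorded in the cookie, or None if the cookie is forged or stale."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    t_low = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    # Recover the full counter from its low 5 bits, tolerating a short window of age
    for age in range(max_age + 1):
        t = counter - age
        if t < 0 or (t & 0x1F) != t_low:
            continue
        if _hash24(saddr, daddr, sport, dport, t) == (cookie & 0xFFFFFF):
            return MSS_TABLE[mss_idx]
    return None
```

A flood of spoofed SYNs therefore costs the server one hash per packet and no queue slot, while a genuine client's ACK still reconstructs the connection parameters it needs.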