What is the solution for Linux system to defend against SYN attacks

2025-04-05 Update From: SLTechnology News&Howtos (shulou)


Shulou(Shulou.com)06/01 Report--

In this issue, the editor presents a solution for defending a Linux system against SYN attacks. The article analyses the problem from a practitioner's point of view, and we hope you take something useful from it.

A SYN flood is a denial-of-service attack that abuses the three-way handshake TCP uses to establish a connection. Below, the Liangxu tutorials Network editor shares how a Linux system can be hardened against it.

Introduction to SYN attacks: SYN floods have a long history and remain effective; a single laptop can take down an unprotected server.

Today the web is growing rapidly and many applications are built on HTTP, which is an application-layer protocol carried over TCP, so SYN attacks are still very much alive.

A SYN flood exploits the fact that TCP needs a three-way handshake to set up a connection: the server must remember every half-open connection for which it has received a SYN until the handshake completes or times out. A single small SYN packet therefore ties up a comparatively large amount of server state, and that asymmetry is what gives the attacker leverage.

Solutions to SYN attacks on a Linux system

I. Default SYN configuration

sysctl -a | grep _syn
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5

tcp_max_syn_backlog is the length of the SYN queue: the number of half-open (SYN_RECV) connections the kernel holds for a listening socket while it waits for the handshake to complete. Raising it lets the server hold more pending connections before the queue overflows. tcp_syncookies is a switch that enables SYN cookies: once the queue is full, the server stops storing state for new SYNs and instead encodes it in the sequence number of its SYN-ACK, recovering it from the client's final ACK, so a flood can no longer exhaust the queue. Cookies only take over on overflow, which is why the backlog and cookie settings work together. tcp_synack_retries is the number of times the server retransmits its SYN-ACK for an incoming connection before giving up; with the initial 1 s RTO doubling on each retry, the default of 5 keeps a half-open entry for about 63 s, whereas 2 keeps it for about 7 s, so a given SYN rate ties up far fewer entries. tcp_syn_retries is the counterpart for outgoing connections the host itself initiates; lowering it does nothing against incoming floods and only makes the host's own connection attempts fail sooner, so treat it as optional.

II. Modify the SYN configuration

ulimit -HSn 65535
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_syn_retries=2

ulimit -HSn 65535 raises the hard and soft open-file limits so a process can hold more sockets; it applies only to the current shell and the processes it starts. The sysctl -w settings take effect immediately but are lost on reboot (see section IV).

III. Add firewall rules

# SYN flood (--limit 1/s lets at most one new SYN per second match this rule)
iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Anti-port-scan
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Ping
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

Two caveats before copying these. First, each rule only ACCEPTs traffic under the limit; a packet over the limit does not match and falls through to the next rule and eventually to the chain's default policy, so the limit enforces nothing unless a rule that drops the same traffic follows it (or the chain policy is DROP). Second, 1/s is a single global rate for all SYNs reaching the host, which would refuse almost all legitimate connections on any busy server; treat it as an illustration and size the rate and --limit-burst to normal traffic. The FORWARD rules only apply to traffic the host routes on behalf of other machines; for the host itself, use INPUT.

IV. Add to boot-up

Finally, don't forget to add the commands from sections II and III to /etc/rc.d/rc.local so they are reapplied at boot. On systemd-based distributions rc.local may need to be enabled first; the sysctl values can instead be placed in /etc/sysctl.conf or a file under /etc/sysctl.d/, and the iptables rules in the distribution's saved ruleset.
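Sections I to IV are one procedure, so here is a single POSIX shell script that ties them together. It is an added example, not code from the original article: it audits sysctl output against the recommended values, computes how long a half-open connection lives for a given tcp_synack_retries, emits the section III rules together with the DROP rules they need to actually enforce the limit, and persists the sysctl values under /etc/sysctl.d/ so they survive a reboot without rc.local. The sample sysctl output is constructed, the 50/s rate and 100 burst are placeholders to be sized to real traffic, and the file name 60-syn-flood.conf is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the original article): audit and harden the SYN settings
# from sections I to IV in one place. Pure functions first, so they can be checked
# without root; the apply step at the bottom needs root and a sysctl.d-aware distro.

# Constructed sample of `sysctl -a | grep _syn` output from an unhardened host.
SAMPLE_SYSCTL='net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5'

# half_open_lifetime RETRIES -> seconds a half-open connection stays in the SYN queue.
# The server's first SYN-ACK uses a 1 s RTO that doubles per retransmission, so the
# entry is dropped after 2^(RETRIES+1) - 1 seconds: 63 s for the default 5, 7 s for 2.
half_open_lifetime() {
    retries=$1 total=0 rto=1 i=0
    while [ "$i" -le "$retries" ]; do
        total=$((total + rto))
        rto=$((rto * 2))
        i=$((i + 1))
    done
    echo "$total"
}

# audit_syn_sysctl TEXT -> one line per weak setting in sysctl "key = value" text,
# nothing when the three server-side settings are already hardened. tcp_syn_retries
# is deliberately ignored: it governs the host's own outgoing connects, not floods.
audit_syn_sysctl() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        key=${line%% = *}
        value=${line##* = }
        case $key in
            net.ipv4.tcp_max_syn_backlog)
                [ "$value" -ge 2048 ] || echo "$key=$value (raise to at least 2048)" ;;
            net.ipv4.tcp_syncookies)
                [ "$value" -eq 1 ] || echo "$key=$value (set to 1)" ;;
            net.ipv4.tcp_synack_retries)
                [ "$value" -le 2 ] || echo "$key=$value (lower to 2; half-open entries currently live $(half_open_lifetime "$value") s)" ;;
        esac
    done
}

# syn_firewall_rules CHAIN RATE BURST -> the section III rules for CHAIN, each paired
# with the DROP rule the article omits. Without the DROP, packets over the limit just
# fall through to the chain's default policy, so the limit enforces nothing.
# RATE/BURST (e.g. 50/s 100) are placeholders: size them to real traffic, not 1/s.
syn_firewall_rules() {
    chain=$1 rate=$2 burst=$3
    cat <<EOF
iptables -A $chain -p tcp --syn -m limit --limit $rate --limit-burst $burst -j ACCEPT
iptables -A $chain -p tcp --syn -j DROP
iptables -A $chain -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A $chain -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP
iptables -A $chain -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A $chain -p icmp --icmp-type echo-request -j DROP
EOF
}

# apply_hardening: persist the section II values via sysctl.d (survives reboot with no
# rc.local) and load the rules on INPUT. 60-syn-flood.conf is an arbitrary file name.
apply_hardening() {
    cat > /etc/sysctl.d/60-syn-flood.conf <<EOF
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
EOF
    sysctl -p /etc/sysctl.d/60-syn-flood.conf
    syn_firewall_rules INPUT 50/s 100 | sh -e
}

# Usage: sh syn_harden.sh audit    (read-only, any user)
#        sh syn_harden.sh apply    (needs root)
case ${1:-} in
    audit) audit_syn_sysctl "$(sysctl -a 2>/dev/null | grep _syn)" ;;
    apply) apply_hardening ;;
esac
```

Run the audit first on a live host: on the constructed sample it flags the 1024 backlog and the 5 SYN-ACK retries (63 s per half-open entry) and accepts the enabled cookies. The ulimit from section II is left out on purpose, since a limit raised in a script only reaches that script's children.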

What is the Linux system? Linux is a free, freely redistributable UNIX-like operating system: a POSIX-based, multi-user, multitasking, multithreaded, multi-CPU system on which the major Unix tools, applications and network protocols run.

The above is the solution for defending a Linux system against SYN attacks. If you have run into the same problem, the analysis above should help you understand it; to learn more, follow the industry information channel.

© 2024 shulou.com SLNews company. All rights reserved.