For the last few months I have been tearing my hair out trying to figure out how to stop these low-bandwidth SYN and GET floods. It's usually just a SYN flood that sends very small packets that get right through the DDoS protection; you can rate it to 32kbs and 100s still get through. So sess at curse-x got hit by the anime DDoSer from national-anime.com. The kid goes around DDoSing other anime sites, and his floods aren't very high bandwidth, just that GET crap that kills forums because it opens an SQL query on each request.
Anyway, I got to looking on the net and found these lines for /etc/sysctl.conf. As soon as I added them and flushed, it stopped it dead. So here is how to do it:
mv /etc/sysctl.conf /etc/sysctl.conf.backup
nano -w /etc/sysctl.conf
Insert
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
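# Seconds an orphaned socket stays in FIN-WAIT-2 before the kernel drops it
net.ipv4.tcp_fin_timeout = 15
# Seconds a connection must be idle before keepalive probes are sent
net.ipv4.tcp_keepalive_time = 1800
# Turn off TCP window scaling (caps the receive window at 64 KB)
net.ipv4.tcp_window_scaling = 0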
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Enable SYN cookies, used when the SYN backlog fills up
net.ipv4.tcp_syncookies = 1
Then
/sbin/sysctl -p
sysctl -w net.ipv4.route.flush=1
Credits to eth0.us for the info.
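
A read-only check that a sysctl.conf file actually carries the net.ipv4.tcp_* values listed above. This is an added example, not part of the original post or of eth0.us; the names audit_sysctl and sample_conf and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a sysctl.conf-style file against the
# net.ipv4.tcp_* values listed in the post. It changes no kernel state.

# Expected key=value pairs, copied from the post's sysctl.conf.
EXPECTED='net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_keepalive_time=1800
net.ipv4.tcp_window_scaling=0
net.ipv4.tcp_sack=0
net.ipv4.tcp_timestamps=0'

# audit_sysctl FILE (hypothetical helper name)
# Prints "OK key=value", "DIFF key=found (want value)" or "MISSING key" for
# each expected key; returns 0 only when every key matches.
audit_sysctl() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
        BEGIN {
            # Skip blank lines and # or ; comments, trim whitespace around
            # key and value; a later assignment overrides an earlier one.
            while ((getline line < conf) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line == "" || line ~ /^[#;]/) continue
                eq = index(line, "=")
                if (eq == 0) continue
                k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
                sub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                have[k] = v
            }
            close(conf)
        }
        !($1 in have)   { print "MISSING " $1; bad = 1; next }
        have[$1] != $2  { print "DIFF " $1 "=" have[$1] " (want " $2 ")"; bad = 1; next }
                        { print "OK " $1 "=" $2 }
        END { exit bad + 0 }'
}

# Constructed sample (not from a real host): syncookies off, backlog set twice.
sample_conf() {
    cat <<'EOF'
; constructed sample
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.tcp_max_syn_backlog=1024
  net.ipv4.tcp_keepalive_time   =   1800
EOF
}

# Demo on the sample; point audit_sysctl at /etc/sysctl.conf on a real host.
tmp=$(mktemp); sample_conf > "$tmp"; audit_sysctl "$tmp" || true; rm -f "$tmp"
```

The file on disk only shows what will be loaded by /sbin/sysctl -p; the running values can still differ until that command has been run.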