Combat SYNFLOOD attacks via CSF can be a critical issue.

As part of our Server Management Services, we assist our customers with several SYNflood queries.

Today, let us see a possible fix when the server appears to be under attack.

Combat SYNFLOOD attacks via CSF

The method we mentioned here is more of a band-aid solution than a permanent one.

Our Support Techs highly recommend contacting a security expert to determine the best course of action. Until they can determine a permanent fix, we can make use of this approach.

Since we cannot configure the firewall as it is outside the scope of support, use this article for educational purposes.

A misconfiguration in the method mentioned below can potentially lead us to block legitimate traffic.

In addition, we need to make sure to save the firewall configuration before making any changes.

Moving ahead, let us see how our Support Techs work around this issue.

We can enable SYNflood protection within CSF. To do so, we modify the SYNFLOOD setting to reflect the following:

SYNFLOOD=1

In addition, we may want to adjust the following:

• SYNFLOOD_RATE

This is the number of SYN packets that will be accepted, per IP, per second. In case of attack, we may benefit if we lower this setting.

• SYNFLOOD_BURST

This is the number of times an IP can hit the rate limit before the firewall blocks it. When under attack, like the above, we can try lowering this setting.

Once the attack is over, we restore the firewall settings to what they were before the attack.

[Found it useful? Here is a lot more for you]

Conclusion

In short, we saw how our Support Techs workaround the SYNflood attack.