- Plesk for Linux
How to defend against a SYN-Flood (DOS) Attack?
tcp_syncookies in the system.
tcp_syncookies functionality is available only if the kernel was compiled with CONFIG_SYNCOOKIES. Check it with:
# grep CONFIG_SYNCOOKIES= /boot/config-`uname -r`
Enabling SYN cookies is a very simple way to defeat SYN flood attacks, while using only a bit more CPU time for the cookiecreation and verification.
tcp_syncookies can be enabled with the following command:
# /sbin/sysctl -w net.ipv4.tcp_syncookies=1