DDoS Protection
braindev, 2019-06-14 14:34:58

Effective protection against SYN FLOOD?

Hello dear friends. The situation is the following. I have a server (used for a game) with the following characteristics (it uses ports such as 3306, 3724, 8085, 25 and a custom SSH port on which fail2ban is installed):

Intel Xeon E5-2630v4 6 cores.
30 GB RAM
SSD 800 GB
600 mbit/s port

And the second server that is used for the web:
Intel Xeon 4 cores
8GB RAM
SSD 200GB
200mbit/s port

The game server is constantly being DDoSed with a SYN flood.
Here is the information from netstat; the server went down 2-3 minutes after the attack started, and now it doesn't even accept SSH connections.
Here are the SYN packets from netstat - https://yadi.sk/d/Vm35No6WLxeoNw
And here is the /etc/sysctl.conf configuration:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_mem = 50576 64768 98152
net.ipv4.tcp_rmem = 4096 16777216 87380
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_syncookies = 0
net.netfilter.nf_conntrack_max = 16777216
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.route.flush = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 1000
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
fs.inotify.max_user_watches = 16777216

How do I properly block all this with iptables? I searched the Internet for 2 days and tried to do it; there are many commands with -p tcp and -m tcp, and they give me the error Bad argument `tcp'.
The attack has been going on for 10 days now. I'm already desperate.
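A defensive baseline for the situation described above, added here as an example and not part of the original post or the poster's actual configuration: it turns SYN cookies on (the posted sysctl.conf has net.ipv4.tcp_syncookies = 0, so the SYN backlog can be exhausted) and emits an iptables-restore rule set that fronts the listed ports with SYNPROXY, so spoofed SYNs are answered by the kernel and only handshakes that complete reach the listening sockets. It assumes a Linux kernel with the CT and SYNPROXY netfilter targets, the eth0 interface from the posted config, and a placeholder value for the custom SSH port.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the settings as text
# first so they can be reviewed, then apply() loads them (root required).

# Ports from the question; the custom SSH port is a placeholder (assumption).
TCP_PORTS="3306 3724 8085 25"
SSH_PORT="${SSH_PORT:-2222}"

# Kernel side: enable SYN cookies, widen the queues, and make conntrack refuse
# to pick up mid-stream packets (required for SYNPROXY to behave correctly).
sysctl_settings() {
  cat <<'EOF'
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_max_syn_backlog=65536
net.ipv4.tcp_synack_retries=2
net.core.somaxconn=65535
net.core.netdev_max_backlog=65536
net.netfilter.nf_conntrack_tcp_loose=0
EOF
}

# Netfilter side, in iptables-restore format. The raw-table rule keeps bare
# SYNs out of conntrack; SYNPROXY then completes the handshake on the
# server's behalf and only real clients create a connection entry.
synproxy_rules() {
  ports=$(printf '%s' "$TCP_PORTS $SSH_PORT" | tr ' ' ',')
  cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --syn -m multiport --dports $ports -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports $ports -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Apply both halves; run only after reviewing the generated text.
apply() {
  sysctl_settings | while read -r kv; do sysctl -w "$kv"; done
  synproxy_rules | iptables-restore
}
```

Review the output of `synproxy_rules` before calling `apply`, since the INPUT chain defaults to DROP and anything not listed (ICMP, UDP game traffic, other management ports) needs its own ACCEPT rule.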
