SYN flooding

Hello,

just saw a message on the Linux console about apache attack SYN flooding as follows:

possible SYN flooding on port 80. Sending cookies

Right after I saw that there was an Linux Kernel update, so I have installed it:
Kernel and CPU Linux 2.6.32-220.23.1.el6.x86_64 on x86_64

Running CentOS 6 Linux…

I also found some suggestions from other forums:

to STOP syn flood on port 80 using apache you must to install mod_qos

Can this be installed from Virtualmin or ? anyone who had the same issue and fixed it ?

PS: we are using PfSense Firewall and only port 80 is opened for Apache…

Thank You

Howdy,

I’m not sure that I would be too concerned about that unless it turned into an issue of some sort. That is, if you were dealing with downtime, that’s another issue – but it sounds like your server handled the issue.

That is, when dealing with a SYN flood, sending “cookies” is designed to mitigate that issue… which means your system is handling it for you, you don’t need to do anything.

There are a number of Apache modules out there designed for handling various types of DoS attacks – mod_qos and mod_evasive are two of those. But unless you found that your server was being negatively impacted by attacks, I’m not sure that I would recommend adding the additional complexity of a new Apache module.

-Eric

Hi Eric,

ok, I understand now, than I will not install external modules as they are not needed in this case…
And yes I think that server handled it just fine because there was no high network usage or cpu usage …

Thank You for quick reply

Best regards