As a security best practice, verify that the host system uses IPv4 Transmission Control Protocol (TCP) Syncookies. A TCP SYN flood attack might cause a denial of service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies are used so as not to track a connection until a subsequent ACK is received, verifying that the initiator is attempting a valid connection and is not a flood source.
This technique does not operate in a fully standards-compliant manner, but is only activated when a flood condition is detected, and allows defence of the system while continuing to service valid requests.
- Run the # cat /proc/sys/net/ipv4/tcp_syncookies command to verify whether the host system uses IPv4 TCP Syncookies.
- Configure the host system to use IPv4 TCP syncookies.
- Open the /etc/sysctl.conf to configure the host system.
- If the value is not set to
1, add the following entry to the file or update the existing entry accordingly. Set the value to
- Save the changes and close the file.