Bourd
06-05-2004, 01:48 PM
Here's my problem:
As soon as my server reaches a certain amount of traffic, I get hit pretty hard (SYN flood) and the server becomes really slow (takes about a minute to load a 120k page, on DSL!). I have Floodguard installed, but it doesn't seem to do much. It was worse a few weeks ago, so I assume Floodguard is helping a little, but I'm just wondering if there's anything else I can do? I'm probably the only one with that problem, and I'd like to hear from those who have experienced that. I just can't believe that there's nothing else I can do, that I have to sit around and wait a few days for it to stop! Should I pay to get someone to manage the server and take care of this? If so, any ideas?
Hope you can help!
Thanks.
Linuxenginer
06-05-2004, 02:03 PM
Hello
Have you tried to trace which IP the flood is coming from and which port it's flooding? Trace the IP and see if you can block it with iptables. Also check if the flood is coming in on your virtual IP, etc.
zupanm
06-05-2004, 02:45 PM
Chances are it's not a SYN flood. If you use Linux, then for the past 6 or so years SYN flood cookies have been enabled by default. I'd put money on it being your Apache/MySQL config that's causing the problems.
Bourd
06-05-2004, 02:54 PM
Originally posted by zupanm
Chances are it's not a SYN flood. If you use Linux, then for the past 6 or so years SYN flood cookies have been enabled by default. I'd put money on it being your Apache/MySQL config that's causing the problems.
I use Linux, and I wasn't aware of that... How can I change that?
zupanm
06-05-2004, 03:01 PM
cat /proc/sys/net/ipv4/tcp_syncookies
If it returns a 1 then they are enabled, which is a good thing. Like I said, it's probably a config issue and not a SYN flood attack.
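An added example, not part of any poster's message: one way to check the two things suggested above, which port and source the half-open connections pile up on, and whether SYN cookies are on. The function names are hypothetical and the sample netstat lines are constructed, using documentation address ranges.

```shell
#!/bin/sh
# Summarise half-open (SYN_RECV) TCP connections from `netstat -ant` output.
# Live use:  netstat -ant | half_open_by_port

# Print "<count> <local_port>" for every port with SYN_RECV entries, busiest first.
half_open_by_port() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             n = split($4, a, ":"); port[a[n]]++
         }
         END { for (p in port) print port[p], p }' | sort -rn
}

# Print "<count> <source_ip>" for every remote address with SYN_RECV entries.
half_open_by_source() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             src = $5; sub(/:[0-9]+$/, "", src); ip[src]++
         }
         END { for (s in ip) print ip[s], s }' | sort -rn
}

# Print the tcp_syncookies value (0 = off, non-zero = on), or "unknown".
syncookies_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Constructed sample input (not captured from a real server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40312      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40313      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.44:1042       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.91:5310       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.20:51515     ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.5:2201        SYN_RECV
EOF
}

echo "tcp_syncookies: $(syncookies_state)"
echo "half-open connections per local port:"
sample_netstat | half_open_by_port
echo "half-open connections per source address:"
sample_netstat | half_open_by_source
```

Source addresses in a SYN flood are often spoofed, so the per-port count is usually the more reliable of the two summaries.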
Bourd
06-05-2004, 03:17 PM
It returns a 1... Well, the techs at Server Matrix told me it was a SYN flood and that they couldn't do much more (I had them perform an emergency setting on Floodguard). They spent quite some time working on the server, but it's still not running as it should be... I receive a few "Security Violations" (badflags) messages/day...
zupanm
06-05-2004, 03:20 PM
Do you run like any busy forums or anything?
Bourd
06-05-2004, 03:28 PM
Originally posted by zupanm
Do you run like any busy forums or anything?
No, simple .html pages and graphics. I don't run any scripts and the server load and memory used are both very low:
Server Load 0.05 (1 cpu)
Memory Used 7.3 %
zupanm
06-05-2004, 03:41 PM
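You can try to run these iptables rules:
# create a chain that rate-limits incoming SYN packets
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP
# send new TCP connection attempts through the chain (without this jump the chain is never used)
/sbin/iptables -A INPUT -p tcp --syn -j syn-flood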
Steven
06-05-2004, 04:27 PM
Originally posted by zupanm
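You can try to run these iptables rules:
# create a chain that rate-limits incoming SYN packets
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP
# send new TCP connection attempts through the chain (without this jump the chain is never used)
/sbin/iptables -A INPUT -p tcp --syn -j syn-flood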
Try installing APF with its antiddos installed. It's better than nothing; you are not going to stop this attack on the software level.