Thanks for the replies guys...
I've tweaked CSF, and for the time being it seems that the attack is either getting smaller or the setting is quite strict so its blocking alot of traffic.
I'm using CT_LIMIT = 60, so I believe its blocking everyone who has more than 60 open connections on port 80 at the same time. I've also disabled Synflood feature in CSF as I dont think it has any benefit when used with CONNLIIMT. Let me know if I am wrong?
Can someone let me know where I can find Syn Deflate, I've installed DDos Deflate, but would like some protection against synflood attacks as well, and I think the synflood feature is not very good in CSF. All the download links I've seen for syn-deflate are broken.