  1. #1
    Join Date
    Oct 2012
    Posts
    33

    Enabling syncookie problem

    Hi,

    I'm writing net.ipv4.tcp_syncookies = 1 to the /etc/sysctl.conf file and saving it to enable SYN protection. After I type sysctl -p for the changes to take effect, it echoes out net.ipv4.tcp_syncookies = 1, but sysctl -n net.ipv4.tcp_syncookies echoes out 0 and I'm not protected.

    Could you please help me figure out what I'm doing wrong?

    Edit: I also tried /etc/init.d/network restart and it gave me this notice message: Bringing up interface venet0: RTNETLINK answers: File exists. Could this be the reason why syncookies are not enabled?

  2. #2
    Join Date
    Dec 2013
    Location
    Lipova / Romania
    Posts
    264
    From what I see you are on an OpenVZ VPS (venet0 interface). You have no access to change that setting. Also keep in mind that large SYN floods can't be blocked at VPS or server level.
    == 1Gbps Unmetered SSD VPS and Large Storage cloud servers ==
    == Virtual Servers hosted on XEN platform with dedicated resources ==
    == Stability, Instant Activation and Instant Support ==
    == Install Kloxo - The best control panel ==
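
Added example (not part of the thread or any poster's code): a shell check for the symptom in post #1, where sysctl -p echoes the configured value but the live value stays 0. It compares sysctl.conf with /proc/sys and applies the /proc/vz-without-/proc/bc heuristic for an OpenVZ container; the function names, result strings and optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a value in sysctl.conf is actually live.
# The optional ROOT argument (an assumption of this example) points the
# checks at a constructed directory tree instead of the real /.

# Last value set for KEY in a sysctl.conf-style file (empty if none).
configured_sysctl() {
    awk -F= -v k="$1" '
        { a = $1; b = $2; gsub(/[ \t]/, "", a); gsub(/[ \t]/, "", b)
          if (a == k) v = b }
        END { if (v != "") print v }' "$2" 2>/dev/null || true
}

# Live kernel value for KEY, read from ROOT/proc/sys (empty if unreadable).
live_sysctl() {
    cat "${2:-}/proc/sys/$(printf '%s' "$1" | tr . /)" 2>/dev/null || true
}

# Heuristic: inside an OpenVZ container /proc/vz exists but /proc/bc
# (present only on the hardware node) does not.
is_openvz_container() {
    [ -d "${1:-}/proc/vz" ] && [ ! -d "${1:-}/proc/bc" ]
}

# Prints: ok | unconfigured | mismatch | mismatch-openvz
check_sysctl() {
    want=$(configured_sysctl "$1" "$2")
    have=$(live_sysctl "$1" "${3:-}")
    if [ -z "$want" ]; then
        echo unconfigured
    elif [ "$want" = "$have" ]; then
        echo ok
    elif is_openvz_container "${3:-}"; then
        echo mismatch-openvz   # per the thread, only the node admin can change it
    else
        echo mismatch
    fi
}

# On a real host: check_sysctl net.ipv4.tcp_syncookies /etc/sysctl.conf
```
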

  3. #3
    Join Date
    Oct 2012
    Posts
    33
    Quote Originally Posted by GabrielCioran View Post
    From what I see you are on an OpenVZ VPS (venet0 interface). You have no access to change that setting. Also keep in mind that large SYN floods can't be blocked at VPS or server level.
    Thank you for helping me about this issue. So which virtualization software should I prefer to change this setting to protect my server from small floods like some lamers do?

  4. #4
    Join Date
    Dec 2013
    Location
    Lipova / Romania
    Posts
    264
    You're welcome. You could try to ask your provider to change that setting for you or give you access to change it. Another option would be to get a XEN or KVM VPS. On XEN or KVM you will be almost exactly like on a dedicated server, being able to change settings like the one you mentioned. Most probably the attackers won't send only SYN floods, so if you need efficient protection against any DDoS attack type, you should get a DDoS protected VPS or reverse proxy. If you need a free basic DDoS protection solution, you could try Cloudflare.

  5. #5
    Join Date
    Oct 2012
    Posts
    33
    Quote Originally Posted by GabrielCioran View Post
    You're welcome. You could try to ask your provider to change that setting for you or give you access to change it. Another option would be to get a XEN or KVM VPS. On XEN or KVM you will be almost exactly like on a dedicated server, being able to change settings like the one you mentioned. Most probably the attackers won't send only SYN floods, so if you need efficient protection against any DDoS attack type, you should get a DDoS protected VPS or reverse proxy. If you need a free basic DDoS protection solution, you could try Cloudflare.
    I'm running a game server so CloudFlare won't help me. I bought a VDS not a VPS. If it is OpenVZ then it can't be VDS? A VDS could be created with OpenVZ? If it is not, that must be the reason that I can not change the setting and I'm really spoofed this time.

  6. #6
    Join Date
    Dec 2013
    Location
    Lipova / Romania
    Posts
    264
    You are definitely on an OpenVZ VPS since you have venet interface (the usual name for OpenVZ virtual interface) and you have no access to change sysctl settings.

    VDS (Virtual Dedicated Server) is the name for dedicated resources virtual server, so it should be a XEN or KVM VPS. XEN and KVM reserves disk space and RAM. OpenVZ shares it. Unfortunately there are many providers who wrongly call "VDS" their OpenVZ plans.

  7. #7
    Join Date
    Oct 2012
    Posts
    33
    Quote Originally Posted by GabrielCioran View Post
    You are definitely on an OpenVZ VPS since you have venet interface (the usual name for OpenVZ virtual interface) and you have no access to change sysctl settings.

    VDS (Virtual Dedicated Server) is the name for dedicated resources virtual server, so it should be a XEN or KVM VPS. XEN and KVM reserves disk space and RAM. OpenVZ shares it. Unfortunately there are many providers who wrongly call "VDS" their OpenVZ plans.
    I did buy a VPS, so sorry. Is a VDS stronger against these attacks?

  8. #8
    Join Date
    Dec 2013
    Location
    Lipova / Romania
    Posts
    264
    It is almost the same if DDoS attacks are coming. On a XEN or KVM VPS (called VDS too) you will be able to enable SYN cookies, add some basic firewall rules and change kernel settings in order to block some small attacks, but these days attacks are very often 1-2Gbps big, being impossible to be blocked at VPS level. Also your provider could nullroute your IP if attacks are coming, to protect other VPS from the same node and network. Best would be to get a DDoS protected VPS or DDoS protected reverse proxy.

  9. #9
    Join Date
    Oct 2012
    Posts
    33
    Quote Originally Posted by GabrielCioran View Post
    It is almost the same if DDoS attacks are coming. On a XEN or KVM VPS (called VDS too) you will be able to enable SYN cookies, add some basic firewall rules and change kernel settings in order to block some small attacks, but these days attacks are very often 1-2Gbps big, being impossible to be blocked at VPS level. Also your provider could nullroute your IP if attacks are coming, to protect other VPS from the same node and network. Best would be to get a DDoS protected VPS or DDoS protected reverse proxy.
    I understand you but the firewall prices are so high. I want to enable syncookies for small attacks. I know that I can't drop the connection on VPS Level.

  10. #10
    Join Date
    Dec 2013
    Location
    Lipova / Romania
    Posts
    264
    Then go for a XEN or KVM VPS, or tell your current provider to enable that for you.

  11. #11
    Join Date
    Sep 2008
    Location
    /dev/null
    Posts
    469
    first thing, you have to move from that provider to another that provides a 100% working firewall
    i suggest fitvps.com, all kinds of firewalls working well there
    second, hide your new vps ip behind cloudflare

  12. #12
    Join Date
    Dec 2013
    Location
    Lipova / Romania
    Posts
    264
    Any XEN or KVM VPS will do the job. OpenVZ is sharing the node's kernel and needs admin permissions to change such settings. He can't use cloudflare, since he is hosting a gameserver, not a website.

  13. #13
    Join Date
    Sep 2008
    Location
    /dev/null
    Posts
    469
    if it's a gameserver then vps is not recommended, you will need a ddos protected Dedicated Server
    i suggest ovh or sharktech
