My server is daily getting attacked with synfloods... what can I do to prevent/stop them?
tcp_syncookies is enabled.
My tcp_max_syn_backlog variable is 2048 (default 246 or something) which should allow all clients connections through while under an attack.
My tcp_synack_retries variable is 3 which times all attempts at connections that the IPs aren't responding to (eg. synflood) out after around 40 seconds.
I have configserver firewall (csf) which offers protection against all types of DOS attacks and synfloods I think, but it isn't really making a difference with the synflood part (but normal DOS attacks are blocked before the server even lags).
There is no need to get further DOS prevention/blocking software, csf does that, I need something that focuses directly on synflood or some other good variable configurations to block synflood.