Get Free Linux Server Security, Performance & Troubleshooting Tips

How can I Turn On TCP SYN Cookie Protection on Linux?

Are you under DOS attack on your cPanel or Linux server and you need to stop that syn flood to avoid downtime? Many VPS and Dedicated servers suffer syn flood atttacks on their systems, it’s something really normal on Linux servers. One type of attack is called SYN Attack.

TCP Syn attacks are what it is called as DOS (aka Denial of Service) attack. DOS attacks consume resources in your dedicated box.

How does this SYN attack work?

Malicious connections begin with TCP connection handshake sending a SYN packet, and then it will never complete the process of opening the connection, the result will be a incomplete (but half-open) connection to your server. Imagine the attacker runs this massively against your server, and your server get’s flooded easily. Fortunately, the Linux kernel can handle this kind of SYN Attacks easily.

In order to protect against SYN ATTACKS you will need to activate tcp_syncookies at your kernel configuration.

Is it possible to get protected against TCP Syn Attacks on Linux servers? (Ubuntu, Debian, CentOS, RHEL and many others)

How to Turn On TCP SYNCookie Protection

Check your current settings:

Using sysctl command you will see the kernel configurations at runtime. In order to check if tcp_syncookies (net.ipv4.tcp_syncookies) is activated or not, run this coommand:

sysctl -n net.ipv4.tcp_syncookies


cat /proc/sys/net/ipv4/tcp_syncookies

Output should be something like:

[]sysctl -n net.ipv4.tcp_syncookies
[]cat /proc/sys/net/ipv4/tcp_syncookies

If you see 1, then your tcp_syncookies protection is activated at kernel level.

If don’t, see the next steps in order to turn on tcp_syncookies on linux

Enable TCP SYN cookie protection

Edit sysctl.conf file

nano -w /etc/sysctl.conf

Add the following variable at the end of your file:

net.ipv4.tcp_syncookies = 1

Save and close the file.

Reload sysctl.conf configuration by running:

sysctl -p

All done, by this time you should have your TCP Syncookie protection activated to shield your server against TCP Syn attacks. However, if that’s not helping too much, please make sure you read the following post: Hardening Server TCP/IP Stack Against SYN Floods

Suggested reading:

Our Rating

About the Author: Esteban Borges

Experienced Sr. Linux SysAdmin and Web Technologist, passionate about building tools, automating processes, fixing server issues, troubleshooting, securing and optimizing high traffic websites.

Leave a Reply

Your email address will not be published. Required fields are marked *