
Syn flood protection



Hi,

I'm having problems securing a Debian server against SYN flood attacks.

Setting /proc/sys/net/ipv4/tcp_syncookies = 1 didn't solve the problem. I get this in dmesg, and all network traffic sent is lost:

[  561.282950] possible SYN flooding on port 80. Sending cookies.
[  562.869160] dst cache overflow
[  562.873893] dst cache overflow
[  562.878144] dst cache overflow
[  562.881992] dst cache overflow

I've tried to set these parameters from a server protected against this attack (default Ubuntu installations are):
/proc/sys/net/ipv4/route/error_burst:500
/proc/sys/net/ipv4/route/error_cost:100
/proc/sys/net/ipv4/route/gc_elasticity:8
/proc/sys/net/ipv4/route/gc_interval:60
/proc/sys/net/ipv4/route/gc_min_interval:0
/proc/sys/net/ipv4/route/gc_min_interval_ms:500
/proc/sys/net/ipv4/route/gc_thresh:65536
/proc/sys/net/ipv4/route/gc_timeout:300
/proc/sys/net/ipv4/route/max_size:1048576
/proc/sys/net/ipv4/route/min_adv_mss:256
/proc/sys/net/ipv4/route/min_pmtu:552
/proc/sys/net/ipv4/route/mtu_expires:600
/proc/sys/net/ipv4/route/redirect_load:2
/proc/sys/net/ipv4/route/redirect_number:9
/proc/sys/net/ipv4/route/redirect_silence:2048
/proc/sys/net/ipv4/route/secret_interval:600

The "dst cache overflow" seems to have stopped, although my network traffic is still being lost.

Any successful configurations? Any ideas?

Thanks in advance.

Cheers.

--
Sergio Roberto Charpinel Jr.
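
An added example, not part of the original post: a shell function that compares a `path:value` listing like the one in the message against the values currently set on a host, so any difference from the reference machine is visible before and after a change. The function name `compare_sysctl_listing` and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# compare_sysctl_listing LISTING [ROOT]
#   LISTING: file with lines of the form /proc/sys/...:value
#            (the format printed by `grep . /proc/sys/net/ipv4/route/*`)
#   ROOT:    optional prefix prepended to each path; empty means the live
#            /proc (hypothetical parameter, lets the check run on a copy)
# Prints OK, DIFF or MISSING per key; returns 0 only if every key matches.
compare_sysctl_listing() {
    listing=$1
    root=${2:-}
    mismatch=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        path=${line%%:*}                  # text before the first colon
        want=${line#*:}                   # text after the first colon
        # Accept only absolute /proc/sys paths without parent references.
        case $path in
            *..*) echo "SKIP $line"; continue ;;
            /proc/sys/*) ;;
            *) echo "SKIP $line"; continue ;;
        esac
        if [ ! -r "$root$path" ]; then
            echo "MISSING $path"
            mismatch=1
            continue
        fi
        # Multi-value files use tabs; squeeze whitespace before comparing.
        have=$(tr -s '\t ' '  ' < "$root$path" | sed 's/^ *//; s/ *$//')
        if [ "$have" = "$want" ]; then
            echo "OK $path=$have"
        else
            echo "DIFF $path current=$have reference=$want"
            mismatch=1
        fi
    done < "$listing"
    return $mismatch
}
```

Save the listing from the reference server to a file and run `compare_sysctl_listing reference.txt` on the affected host; the function only reads, it never writes to `/proc`.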
