Linux 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
I searched the forum and I haven't exactly found my question answered. From what I read, centos out of the box is set up to reject SYN floods. From my log, it appears to be working. Here are my settings, which I assume are default. (OS set up from a VPS, not me.)
Code: Select all
cat /proc/sys/net/ipv4/tcp_syncookies
1
cat /proc/sys/net/ipv4/tcp_synack_retries
5
cat /proc/sys/net/ipv4/tcp_max_syn_backlog
128
https://www.servernoobs.com/hardening- ... n-floods/
the suggested settings are
Is this advisable, or don't fix what isn't broken.echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
Here are the time stamps from a series of SYNs. I will post the full log at the end of the message.
Code: Select all
Jan 7 13:22:17 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65
Jan 7 13:22:18 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65
Jan 7 13:22:20 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65
Jan 7 13:22:24 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65
Jan 7 13:22:32 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65
Jan 7 13:22:48 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65
Code: Select all
Jan 7 08:33:48 kernel: IN=eth0 OUT= MAC= SRC=212.83.155.66 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18025 DF PROTO=TCP SPT=161 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0
Jan 7 09:36:09 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.169 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=17047 DF PROTO=TCP SPT=12414 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 09:36:12 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.169 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=17048 DF PROTO=TCP SPT=12414 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 09:36:18 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.169 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=17049 DF PROTO=TCP SPT=12414 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 10:00:25 kernel: IN=eth0 OUT= MAC= SRC=40.77.167.0 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=108 ID=531 DF PROTO=TCP SPT=9252 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 10:00:28 kernel: IN=eth0 OUT= MAC= SRC=40.77.167.0 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=108 ID=532 DF PROTO=TCP SPT=9252 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 10:00:34 kernel: IN=eth0 OUT= MAC= SRC=40.77.167.0 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=533 DF PROTO=TCP SPT=9252 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 10:34:55 kernel: IN=eth0 OUT= MAC= SRC=139.162.114.154 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40310 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 13:22:17 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65 DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51390 DF PROTO=TCP SPT=49500 DPT=80 WINDOW=26883 RES=0x00 SYN URGP=0
Jan 7 13:22:18 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65 DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51391 DF PROTO=TCP SPT=49500 DPT=80 WINDOW=26883 RES=0x00 SYN URGP=0
Jan 7 13:22:20 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65 DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51392 DF PROTO=TCP SPT=49500 DPT=80 WINDOW=26883 RES=0x00 SYN URGP=0
Jan 7 13:22:24 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65 DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51393 DF PROTO=TCP SPT=49500 DPT=80 WINDOW=26883 RES=0x00 SYN URGP=0
Jan 7 13:22:32 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65 DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51394 DF PROTO=TCP SPT=49500 DPT=80 WINDOW=26883 RES=0x00 SYN URGP=0
Jan 7 13:22:48 kernel: IN=eth0 OUT= MAC= SRC=13.56.229.65 DST= LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51395 DF PROTO=TCP SPT=49500 DPT=80 WINDOW=26883 RES=0x00 SYN URGP=0
Jan 7 13:32:11 kernel: IN=eth0 OUT= MAC= SRC=141.212.122.57 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57180 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 13:48:41 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.99 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=30439 DF PROTO=TCP SPT=12551 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 13:48:44 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.99 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=30440 DF PROTO=TCP SPT=12551 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 13:48:50 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.99 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=30449 DF PROTO=TCP SPT=12551 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 14:31:53 kernel: IN=eth0 OUT= MAC= SRC=74.82.47.12 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=36549 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 15:20:59 kernel: IN=eth0 OUT= MAC= SRC=37.203.214.106 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=45009 PROTO=TCP SPT=58521 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 7 16:24:10 kernel: IN=eth0 OUT= MAC= SRC=39.104.68.70 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=68 DF PROTO=TCP SPT=17778 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 16:44:37 kernel: IN=eth0 OUT= MAC= SRC=139.162.125.159 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49360 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 16:58:29 kernel: IN=eth0 OUT= MAC= SRC=39.104.68.70 DST= LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=30473 DF PROTO=TCP SPT=52844 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 16:58:32 kernel: IN=eth0 OUT= MAC= SRC=39.104.68.70 DST= LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=31529 DF PROTO=TCP SPT=52844 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 16:58:38 kernel: IN=eth0 OUT= MAC= SRC=39.104.68.70 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=854 DF PROTO=TCP SPT=52844 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 17:38:12 kernel: IN=eth0 OUT= MAC= SRC=169.54.244.78 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=10978 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 19:00:07 kernel: IN=eth0 OUT= MAC= SRC=141.212.122.146 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37723 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 19:00:07 kernel: IN=eth0 OUT= MAC= SRC=141.212.122.147 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58638 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 21:16:24 kernel: IN=eth0 OUT= MAC= SRC=164.52.24.140 DST= LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34175 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 22:14:22 kernel: IN=eth0 OUT= MAC= SRC=163.172.137.177 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42696 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 7 22:26:05 kernel: IN=eth0 OUT= MAC= SRC=216.244.66.239 DST= LEN=60 TOS=0x08 PREC=0x00 TTL=54 ID=57821 DF PROTO=TCP SPT=39462 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 7 22:26:06 kernel: IN=eth0 OUT= MAC= SRC=216.244.66.239 DST= LEN=60 TOS=0x08 PREC=0x00 TTL=54 ID=57822 DF PROTO=TCP SPT=39462 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 7 22:26:08 kernel: IN=eth0 OUT= MAC= SRC=216.244.66.239 DST= LEN=60 TOS=0x08 PREC=0x00 TTL=54 ID=57823 DF PROTO=TCP SPT=39462 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 7 22:26:12 kernel: IN=eth0 OUT= MAC= SRC=216.244.66.239 DST= LEN=60 TOS=0x08 PREC=0x00 TTL=54 ID=57824 DF PROTO=TCP SPT=39462 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 7 23:54:21 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.196 DST= LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=2649 DF PROTO=TCP SPT=6633 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 23:54:24 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.196 DST= LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=2650 DF PROTO=TCP SPT=6633 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 23:54:30 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.196 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=2656 DF PROTO=TCP SPT=6633 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 7 23:54:42 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.74 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=32589 DF PROTO=TCP SPT=5850 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 23:54:45 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.74 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=32590 DF PROTO=TCP SPT=5850 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 7 23:54:51 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.74 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=32591 DF PROTO=TCP SPT=5850 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 8 00:03:30 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.99 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=31199 DF PROTO=TCP SPT=10003 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 8 00:03:33 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.99 DST= LEN=48 TOS=0x02 PREC=0x00 TTL=113 ID=31200 DF PROTO=TCP SPT=10003 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 8 00:03:39 kernel: IN=eth0 OUT= MAC= SRC=157.55.39.99 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=31201 DF PROTO=TCP SPT=10003 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 8 01:08:27 kernel: IN=eth0 OUT= MAC= SRC=164.52.6.150 DST= LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=53578 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 8 01:08:27 kernel: IN=eth0 OUT= MAC= SRC=164.52.6.150 DST= LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=53579 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 8 01:12:37 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.45 DST= LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=10832 DF PROTO=TCP SPT=1349 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 8 01:12:40 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.45 DST= LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=10833 DF PROTO=TCP SPT=1349 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
Jan 8 01:12:46 kernel: IN=eth0 OUT= MAC= SRC=207.46.13.45 DST= LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=10834 DF PROTO=TCP SPT=1349 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 8 01:42:50 kernel: IN=eth0 OUT= MAC= SRC=87.98.146.134 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=51943 PROTO=TCP SPT=48596 DPT=80 WINDOW=4096 RES=0x00 ACK URGP=0
Jan 8 01:42:51 kernel: IN=eth0 OUT= MAC= SRC=87.98.146.134 DST= LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=8275 PROTO=TCP SPT=48597 DPT=80 WINDOW=2048 RES=0x00 ACK URGP=0