logo of Akmatori
15.05.2024

How to Enable SYN Cookies on Linux

head-image

In this post, you'll learn to activate SYN cookies on Linux. This method helps protect your server against SYN flood attacks, crucial for maintaining server reliability and performance.

What Are SYN Cookies?

SYN cookies secure servers from SYN flood attacks. These attacks overwhelm the server's ability to connect to legitimate users. By enabling SYN cookies, you help your server handle these connections efficiently, without getting overloaded.

Why Use SYN Cookies?

SYN cookies are essential for server security, ensuring availability during an attack. For broader protection and optimized load handling, Akmatori offers globally distributed balancing capabilities that can complement SYN cookie implementation.

Checking Your Linux Kernel Version

Ensure your Linux kernel supports SYN cookies with these steps:

  • Open your terminal.
  • Type uname -r and press Enter.
  • Note the kernel version displayed.

Check if SYN cookies are active:

  • Open a terminal window.
  • Enter
sysctl net.ipv4.tcp_syncookies
  • If the result is 1, they're active. If 0, they're not.

Step 2: Activate SYN Cookies

Turn on SYN cookies if they are off:

  • In your terminal, type:
    sudo sysctl -w net.ipv4.tcp_syncookies=1
  • Enter your password if prompted.

This activates SYN cookies immediately but temporarily.

Step 3: Make the Change Permanent

Ensure SYN cookies remain active after system reboot. Add a parametr line to /etc/sysctl.conf:

sudo sh -c 'echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf'

Step 4: Reboot and Verify

Finalize the setup:

  • Reboot your server:
    sudo reboot
  • Verify activation:
    sysctl net.ipv4.tcp_syncookies

Expect net.ipv4.tcp_syncookies = 1 as output.

adding-permanent-syn-coockie-param

Conclusion

You've enabled SYN cookies, bolstering your server against SYN flood attacks. For enhanced defense and efficient traffic management, consider integrating Akmatori into your network architecture. Akmatori not only secures your system but also optimizes traffic flow across global points of presence, ensuring high availability and performance.

FAQs

Q: What is a SYN flood attack? A: A type of DDoS attack that blocks legitimate traffic by overwhelming the server with connection requests. You can read about possible responding actions here

Q: Can SYN cookies impact server performance? A: Slightly, but the security benefits outweigh this minimal impact.

Q: Are there alternatives to SYN cookies? A: Yes, tools like firewalls and specific anti-DDoS hardware can help. For comprehensive solutions, consider Akmatori.

Akmatori team

Maximize your website or application's performance and reliability!