Linux - Protecting host from SYN floods

Posted in How To's by Shafkat Shahzad, M.Sc - Senior Technical Content Manager on March 20th, 2010

This guide shows how to protect a Linux host from SYN floods by rate limiting incoming SYN packets on the ingress side of an interface.
A recent version of the iproute2 tools is needed for this to work with 2.4.0. The sample script follows:
#! /bin/sh -x
#
# sample script on using the ingress capabilities
# this script shows how one can rate limit incoming SYNs
# Useful for TCP-SYN attack protection. A user can use
# IPchains to add more specific matching on top of the SYN flag
# (e.g. matching on the subnet as well)
#
#path to various utilities;
#change to reflect yours.
#
TC=/sbin/tc
IP=/sbin/ip
IPTABLES=/sbin/iptables
INDEV=eth2
#
# tag all incoming SYN packets through $INDEV as mark value 1
############################################################
$IPTABLES -A PREROUTING -i $INDEV -t mangle -p tcp --syn \
-j MARK --set-mark 1
############################################################
#
# install the ingress qdisc on the ingress interface
############################################################
$TC qdisc add dev $INDEV handle ffff: ingress
############################################################

#
#
# SYN packets are 40 bytes (320 bits) so three SYNs equals
# 960 bits (approximately 1kbit); so we rate limit below
# the incoming SYNs to 3/sec (not very useful really; but
# serves to show the point) - JHS
############################################################
$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 1 fw \
police rate 1kbit burst 40 mtu 9k drop flowid :1
############################################################

#
echo "---- qdisc parameters Ingress ----------"
$TC qdisc ls dev $INDEV
echo "---- Class parameters Ingress ----------"
$TC class ls dev $INDEV
echo "---- filter parameters Ingress ----------"
$TC filter ls dev $INDEV parent ffff:

# deleting the ingress qdisc (uncomment to remove the rate limit)
#$TC qdisc del dev $INDEV ingress
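
The police action in the filter above is a token bucket. The sketch below is an added example, not part of the original script: a simplified integer model (not tc's own implementation) that replays constructed SYN arrival patterns against the script's values of rate 1kbit and burst 40, assuming every SYN counts as 40 bytes as the script's comment states. The function name policer_passed is hypothetical.

```shell
#!/bin/sh
# Simplified token-bucket model of the ingress policer (not tc's actual code).
# Assumption: each SYN is counted as 40 bytes, as the script's comment says.
# Tokens are kept in millibits so all arithmetic stays in integers:
# a rate of R bit/s refills exactly R millibits per millisecond.

# policer_passed RATE_BPS BURST_BYTES PKT_BYTES GAP_MS COUNT
# Prints how many of COUNT packets, arriving GAP_MS apart, conform.
policer_passed() {
    rate=$1; burst=$2; pkt=$3; gap=$4; count=$5
    cap=$((burst * 8000))   # bucket depth in millibits
    cost=$((pkt * 8000))    # cost of one packet in millibits
    tokens=$cap             # the bucket starts full
    passed=0
    i=0
    while [ "$i" -lt "$count" ]; do
        if [ "$i" -gt 0 ]; then
            # refill for the time elapsed since the previous packet
            tokens=$((tokens + rate * gap))
            if [ "$tokens" -gt "$cap" ]; then
                tokens=$cap  # tokens beyond the bucket depth are lost
            fi
        fi
        if [ "$tokens" -ge "$cost" ]; then
            tokens=$((tokens - cost))   # conforming packet: accepted
            passed=$((passed + 1))
        fi                              # otherwise: dropped by "drop"
        i=$((i + 1))
    done
    echo "$passed"
}

# Constructed arrival patterns, all using rate 1kbit (1000 bit/s), burst 40:
echo "flood, 1000 SYN/s for 2 s: $(policer_passed 1000 40 40 1 2000) of 2000 pass"
echo "steady 2 SYN/s for 5 s:    $(policer_passed 1000 40 40 500 10) of 10 pass"
echo "steady 4 SYN/s for 10 s:   $(policer_passed 1000 40 40 250 40) of 40 pass"
```

Every SYN on the interface carries the same mark, so the bucket is shared by all sources: during a flood, legitimate connection attempts compete for the same few tokens. In this model a burst of only one packet also discards tokens at the cap, which is why a steady 4 SYN/s yields 2 accepted per second rather than 3.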

A user who has followed the advice and guidance in this tutorial will have learned how to protect a host from SYN floods.
