As a security best practice, verify that the host system uses IPv4 Transmission Control Protocol (TCP) Syncookies. A TCP SYN flood attack can cause a denial of service by filling the system's TCP connection table with half-open connections in the SYN_RCVD state. With Syncookies enabled, the kernel does not track a connection until the subsequent ACK is received, which verifies that the initiator is attempting a valid connection and is not a flood source.

This technique does not operate in a fully standards-compliant manner, but it is activated only when a flood condition is detected, and it allows the system to defend itself while continuing to service valid requests.

1. Run the following command to verify whether the host system uses IPv4 TCP Syncookies:

   # cat /proc/sys/net/ipv4/tcp_syncookies

2. Configure the host system to use IPv4 TCP Syncookies.

   a. Open the /etc/sysctl.conf file to configure the host system.

   b. If the value is not set to 1, add the following entry to the file or update the existing entry accordingly, setting the value to 1:

      net.ipv4.tcp_syncookies=1

   c. Save the changes and close the file.
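The audit and remediation steps above as a small shell script, added here as an example and not part of the original procedure. The file paths are parameters (defaulting to /proc/sys/net/ipv4/tcp_syncookies and /etc/sysctl.conf) so the functions can be exercised against copies before they are run on a host; the function names are assumptions.

```bash
#!/bin/sh
# Added example: audit the live tcp_syncookies value and make the
# /etc/sysctl.conf entry match the hardening guidance (value 1).

# Print the live kernel value read from PROC_FILE (or "missing") and
# return 0 only when it is exactly 1.
check_syncookies() {
    proc_file="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    if [ ! -r "$proc_file" ]; then
        echo "missing"
        return 2
    fi
    value=$(tr -d '[:space:]' < "$proc_file")
    echo "$value"
    [ "$value" = "1" ]
}

# Ensure CONF_FILE carries exactly one active net.ipv4.tcp_syncookies=1 line:
# an existing entry (any spacing, any value) is rewritten in place, otherwise
# the entry is appended. Commented-out lines are left untouched. Prints the
# number of active compliant entries afterwards (expected: 1).
ensure_syncookies_entry() {
    conf_file="${1:-/etc/sysctl.conf}"
    key_re='^[[:space:]]*net\.ipv4\.tcp_syncookies[[:space:]]*='
    [ -f "$conf_file" ] || : > "$conf_file"
    if grep -Eq "$key_re" "$conf_file"; then
        # Rewrite via a temp file, then copy back so the original file's
        # ownership and mode are preserved.
        tmp=$(mktemp)
        sed -E "s/${key_re}.*/net.ipv4.tcp_syncookies=1/" "$conf_file" > "$tmp" \
            && cat "$tmp" > "$conf_file"
        rm -f "$tmp"
    else
        printf 'net.ipv4.tcp_syncookies=1\n' >> "$conf_file"
    fi
    grep -Ec "${key_re}[[:space:]]*1[[:space:]]*$" "$conf_file"
}

# On a host (as root): audit first, remediate the persistent setting only
# when the live value is not 1.
# check_syncookies || ensure_syncookies_entry
```

The entry in /etc/sysctl.conf is applied at boot; `sysctl -p` loads the file into the running kernel immediately, and `sysctl -w net.ipv4.tcp_syncookies=1` changes the live value without editing the file.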