Hello,
just saw a message on the Linux console about apache attack SYN flooding as follows:
possible SYN flooding on port 80. Sending cookies
Right after I saw that there was an Linux Kernel update, so I have installed it: Kernel and CPU Linux 2.6.32-220.23.1.el6.x86_64 on x86_64
Running CentOS 6 Linux...
I also found some suggestions from other forums:
to STOP syn flood on port 80 using apache you must to install mod_qos
Can this be installed from Virtualmin or ? anyone who had the same issue and fixed it ?
PS: we are using PfSense Firewall and only port 80 is opened for Apache...
Thank You
Howdy,
I'm not sure that I would be too concerned about that unless it turned into an issue of some sort. That is, if you were dealing with downtime, that's another issue -- but it sounds like your server handled the issue.
That is, when dealing with a SYN flood, sending "cookies" is designed to mitigate that issue... which means your system is handling it for you, you don't need to do anything.
There are a number of Apache modules out there designed for handling various types of DoS attacks -- mod_qos and mod_evasive are two of those. But unless you found that your server was being negatively impacted by attacks, I'm not sure that I would recommend adding the additional complexity of a new Apache module.
-Eric
Hi Eric,
ok, I understand now, than I will not install external modules as they are not needed in this case.. And yes I think that server handled it just fine because there was no high network usage or cpu usage ...
Thank You for quick reply
Best regards