What is Synflood-Defender
Synflood-Defender is an extension for the SNMP protocol that monitors the SYN queue and protects the host when a SYN flood attack occurs.
How it works
Each time an SNMP request is made for the Synflood-Defender SNMP MIB, the script checks the current length of the SYN queue. If the current value exceeds the threshold and protection is enabled in the configuration, the TCP kernel parameters are set to strict values, which helps the host withstand a SYN flood.
Setting the TCP parameters to protective values at boot time is not a good idea, because clients with poor connections may be dropped. This matters nowadays, when many clients access the web via mobile devices.
When the SYN queue reaches the threshold, the administrator may be notified via e-mail if notifications are enabled.
If Synflood-Defender is set to force protection mode, the kernel parameters are set to strict values even when the SYN queue is below the threshold.
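The check described above, sketched as an added shell example (not Synflood-Defender's own code). Reading the queue from /proc/net/tcp, the function names, the threshold and the sysctl values are all assumptions; the sample input is constructed, and the script only prints the settings it would apply.

```shell
#!/bin/sh
# Added example; not Synflood-Defender's own code. Dry run: prints settings only.
# Constructed sample in /proc/net/tcp format (addresses are documentation ranges).
# Field 4 ("st") is the socket state in hex; 03 is SYN_RECV, a half-open connection.
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:0050 076433C6:D431 03 00000000:00000000 01:00000064 00000000     0        0 0
   2: 0A0200C0:0050 086433C6:D432 03 00000000:00000000 01:00000064 00000000     0        0 0
   3: 0A0200C0:0050 096433C6:D433 03 00000000:00000000 01:00000064 00000000     0        0 0
   4: 0A0200C0:0050 017100CB:C001 01 00000000:00000000 00:00000000 00000000    33        0 1002
EOF
}

# Count half-open connections: skip the header row, match state 03 in field 4.
count_syn_recv() {
    awk 'NR > 1 && $4 == "03" { n++ } END { print n + 0 }' "$@"
}

# decide_mode QUEUE_LEN THRESHOLD PROTECT_ENABLED FORCE
# Force mode wins; otherwise strict only if protection is on and the queue exceeds the threshold.
decide_mode() {
    if [ "$4" = "yes" ]; then echo strict; return; fi
    if [ "$3" = "yes" ] && [ "$1" -gt "$2" ]; then echo strict; return; fi
    echo normal
}

# Assumed values for illustration; the page does not list the parameters it changes.
sysctl_plan() {
    case "$1" in
        strict) printf '%s\n' 'net.ipv4.tcp_syncookies=1' \
                    'net.ipv4.tcp_synack_retries=2' 'net.ipv4.tcp_max_syn_backlog=4096' ;;
        normal) printf '%s\n' 'net.ipv4.tcp_synack_retries=5' ;;
        *) return 1 ;;
    esac
}

# On a live host, replace the sample with: count_syn_recv /proc/net/tcp
queue=$(sample_proc_net_tcp | count_syn_recv)
mode=$(decide_mode "$queue" 2 yes no)
echo "syn_recv=$queue mode=$mode"
sysctl_plan "$mode"
```

Keeping the decision separate from the sysctl step lets the threshold logic be checked without touching kernel settings.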
Result of protection
© Volodymyr Kononenko 2011