Somebody has an idea to block SYN flood attack ??

I am really angry against the blokes who launched a SYN flood attack on one of my servers three weeks ago.

The problem is this continue again and again. I am so tired and fed up to play cat and mouse with spoof IPs.

The firewall resist well, blocking the attack and sending me back an alert by email.

But sadly, I can't make the site performing at his best. It seems that blocking is not enough, and the site is so slooow when the attacker come back.

I am turning now to the community to see if by any chance, somebody has some ideas and a solution.

I  also changed the pool settings in IIS 6 to recycle the worker process with some conditions like CPU usage, but it's not really successful.

The last thing to do will be surely to use a new IP and burn the old one.

 

2 Comments

  • You can't fix this with IIS. They are flooding the server's connection to the internet. There are simply too many connections, so valid connections can't get through (or are very slow).



    I don't know about any solutions though (that don't cost thousands of dollars).

  • check with Steve Gibson at www.grc.com he has dealt with a number of attacks.....



    I bet he can help you with this...

Comments have been disabled for this content.