On Wed, 2016-07-06 at 10:06 +0530, Vikas wrote:
> Hi,
>
> Wanted to explore options netfilter provides to mitigate DoS/SYN attacks.
> Even if there is mechanism to incorporate rate limiter solution for high
> incoming volume traffic then it would help.
>
> Any input in this regard will be appreciated.

SYN attacks are no longer a problem with current linux kernels.

(linux-4.7 can really absorb about 6Mpps SYN on a single listener, and
more for SO_REUSEPORT enabled listeners)

There is absolutely nothing you can do for a SYN attack, especially not
trying to rate limit it, as you might drop valid SYN packets and thus
hurt real users.

It is simply best to deal with it, as for other kinds of attacks.
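
An added example, not part of the original message: a small simulation of the reply's point that a SYN rate limit cannot tell flood SYNs from real ones, so real clients are dropped along with the flood. The token bucket, the rates and the traffic are constructed assumptions and do not model netfilter's own limiter.

```python
import random


def legit_pass_fraction(limit_pps, burst, legit_pps, attack_pps,
                        seconds=5.0, seed=1):
    """Fraction of legitimate SYNs accepted by one global token-bucket limit.

    Hypothetical model: every SYN costs one token, and the limiter has no
    way to know which SYNs belong to real clients.
    """
    rng = random.Random(seed)
    # Constructed traffic: uniformly random arrival times for both sources.
    events = [(rng.uniform(0, seconds), True)
              for _ in range(int(legit_pps * seconds))]
    events += [(rng.uniform(0, seconds), False)
               for _ in range(int(attack_pps * seconds))]
    events.sort()

    tokens, last = float(burst), 0.0
    passed = total = 0
    for t, is_legit in events:
        # Refill for the elapsed time, capped at the burst size.
        tokens = min(float(burst), tokens + (t - last) * limit_pps)
        last = t
        accepted = tokens >= 1.0
        if accepted:
            tokens -= 1.0
        if is_legit:
            total += 1
            passed += accepted
    return passed / total


if __name__ == "__main__":
    # 100 real SYN/s against a 1000 SYN/s limit, without and with a flood.
    quiet = legit_pass_fraction(1000, 100, legit_pps=100, attack_pps=0)
    flood = legit_pass_fraction(1000, 100, legit_pps=100, attack_pps=50000)
    print(f"no flood:   {quiet:.1%} of real SYNs accepted")
    print(f"with flood: {flood:.1%} of real SYNs accepted")
```

In this model the accepted share of real SYNs tracks their share of total SYN traffic, so the limit mostly decides how many real clients are refused.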