Hello, is there any way to block a SYN flood attack automatically without any downtime? I have APF but it's not working to stop the SYN flood. Please suggest something that automatically blocks SYN flooding.
Hey USF. The first thing I would do is contact your host. Do it now. They can possibly have the IP null routed upstream. This is the first step. Since your site is probably running on port 80 there is no way to do this without downtime. If you do not want to use the bandwidth I would drop the TTL on your DNS records, and move the site to a different host for a while. This will cause downtime. The best thing to do is report him to your hosting company. They can possibly look into black holing him. If you need help creating a disaster recovery site that you can fail over to when things like this happen PM me. My rates are cheap.
Well, you are under a DDoS attack. Report him to your host. You could possibly look into blocking the IPs with iptables if they are limited to only a few different IPs, but this will probably not work if he has a lot of nodes in his DDoS network.
Make sure you have an unlimited IP banlist. Don't make it limited to only a few IPs. Also limit the connections per IP!
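Added example (not from any poster in this thread): Python that counts half-open (SYN_RECV) connections per source address from `netstat -ant` output and reports whether banning individual IPs with iptables, as discussed in the replies above, would cover most of the flood. The sample output, function names and thresholds are constructed assumptions.

```python
from collections import Counter

def _row(remote, state="SYN_RECV", local="192.0.2.10:80"):
    return f"tcp        0      0 {local}  {remote}  {state}"

# Constructed sample of `netstat -ant` output (documentation-range addresses).
SAMPLE = "\n".join(
    ["Proto Recv-Q Send-Q Local Address Foreign Address State"]
    + [_row(f"198.51.100.7:{40000 + i}") for i in range(5)]
    + [_row(f"203.0.113.9:{50000 + i}") for i in range(4)]
    + [_row("203.0.113.44:51000"),
       _row("198.51.100.7:41000", "ESTABLISHED"),
       _row("203.0.113.9:52000", local="192.0.2.10:22")]
)

def half_open_by_source(netstat_text, port=80):
    """Count SYN_RECV (half-open) sockets on `port`, keyed by remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "SYN_RECV":
            continue
        if f[3].rpartition(":")[2] != str(port):
            continue
        counts[f[4].rpartition(":")[0]] += 1
    return counts

def triage(counts, per_ip_limit=3, max_blockable=50):
    """Return (offenders, feasible, rules).

    feasible is True only when a short list of sources accounts for at least
    half of the half-open sockets. Assumption: source addresses are genuine;
    SYN floods often use forged sources, and then per-IP bans do not help.
    """
    offenders = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    total = sum(counts.values())
    covered = sum(counts[ip] for ip in offenders)
    feasible = (bool(offenders) and len(offenders) <= max_blockable
                and covered * 2 >= total)
    rules = [f"iptables -I INPUT -s {ip} -j DROP" for ip in offenders] if feasible else []
    return offenders, feasible, rules

if __name__ == "__main__":
    offenders, feasible, rules = triage(half_open_by_source(SAMPLE))
    print("per-IP blocking feasible:", feasible)
    print("\n".join(rules))
```

When `feasible` comes back false, the flood is spread across too many sources for a ban list, which is the case where upstream null routing by the host is the remaining option.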
Snort will not solve this problem. You need to have snort installed, configured properly with snortsam or as an IPS system first. He also needs to know how to do this properly. Just installing snort and walking away will do nothing.