I'm behind SYN FLOOD with Spoofed IP'S

[midulc]

I have LiteSpeed + CSF + ALL RPS checks done + CentOS 6.2 fully updated + WHM...
What to do?
Thanks.

 

[webizen]

not LSWS related but we help you anyway as you ask for help here.

enable syncookies

sysctl -w net.ipv4.tcp_syncookies=1

 

[midulc]

I know

Yes, I knew it was not LSWS related but you know all!
I have already enabled syn cookies and it's the same... I can't get why is this happenning... Its a 200 mbps ddos, anyway i have a 10 gbps server but all the same all the cpu is laggy!!
Any other suggestions?

PS: Are you helping to fully configure a server with LSWS if I pay you?

 

[NiteWave]

maybe you can order "Advanced Anti-DDoS Setup"
https://store.litespeedtech.com/store/cart.php?gid=5

we have some experience on anti-ddos and have succeeded on a lot user cases. but not 100% sure if it apply for your case as well.

 

[midulc]

Ok, what do you configure?

Suppose I Adquire that configuration pack, what will you configure for me?

 

[webizen]

We will let you know once you order the service.

 

[midulc]

I need security...

I need to be sure if it will work or not, as it's not just a little money.
Thanks.

 

[webizen]

If not, we will refund the money to you.

 

[midulc]

Just a question

"Set up script to block attacking IP automatically via iptables based on web server detection result. "

Actually the requests NEVER get into the server, there are like 3000 ip's differents all with state SYN_RECEIVED getting a 200MBPS attack.

 

[webizen]

http://www.litespeedtech.com/support/forum/showthread.php?t=5771

 

[midulc]

Butnothing

Have optimized ALL centos configuration based on all I could find on internet and the ddos still gets my ded down.
The cpu use goes full and the conection usage to 250 mbps. There are lots of SYN_rECEIVED packets.
There's no way to stop this... What to do?
Internet connection is 10gbps so that's not the problem, it's that cpu usage goes to the limit.

 

[NiteWave]

can you identify which process has high CPU usage, by "top -c" etc?

ddos usually last short time only, is your website DDOS'd continuously?

 

[midulc]

Continuously

It's continuously behind a DDOS. I can't run that command as now the dedicated got blocked for so many traffic

 

[webizen]

again, you can order "Advanced Anti-DDoS Setup"
https://store.litespeedtech.com/store/cart.php?gid=5

 

[midulc]

Finally solution

I even set up the iptables to block ALL ALL THE REQUESTS ALL, iptables -i INPUT -j DROP and still got behind attack!

Conclusion: External firewall is the only solution.

 

[webizen]

or you can try our free service.

http://www.litespeedtech.com/litespeed-anti-ddos-proxy-service.html

 

[webizen]

...

Conclusion: External firewall is the only solution.

This is not necessarily true. Really depends on how iptables is setup.

 

[semprot]

again, you can order "Advanced Anti-DDoS Setup"
https://store.litespeedtech.com/store/cart.php?gid=5

I wonder if it is the same one as "LiteSpeed Anti-DDoS Appliance" here ?
http://www.litespeedtech.com/litespeed-anti-ddos-appliance.html

 

[webizen]

I wonder if it is the same one as "LiteSpeed Anti-DDoS Appliance" here ?
http://www.litespeedtech.com/litespeed-anti-ddos-appliance.html

They are different. LiteSpeed Anti-DDoS Appliance is more advanced dedicated device to handle larger attacks.