we have been attacked too , Sunday , and Monday .
If you are managing a server Apache 2 or similar do like this :
root@mir23:~# netstat |grep SYN_RECV
marway.org:www x.x.x.x:56995 SYN_RECV
marway.org:www x.x.x.x:4756 SYN_RECV
marway.org:www x.x.x.x:8921 SYN_RECV
then assuming you have iptables installed beat down the following syntax :
root@mir23:~# /sbin/iptables -A INPUT -s “x.x.x.x” -j DROP
root@mir23:~# iptables -A INPUT -s “x.x.x.x” -j DROP
Where obviously x.x.x.x are or is the IP of the syn flooder .
In some hour we shall post others optimized settings
helpful to mitigate the flood .