Profile Applicability:
 • Level 1

Description:
 TCP SYN cookies protect against SYN flood attacks by letting the server handle half-open connections without allocating resources for them until the handshake is complete. Enabling TCP SYN cookies enhances network security by mitigating denial-of-service (DoS) attacks.

Rationale:
 Enabling TCP SYN cookies helps prevent resource exhaustion caused by SYN flood attacks, ensuring the availability and reliability of network services.

Impact:
 Pros:

  • Mitigates SYN flood attacks effectively.

  • Improves network service availability under attack.

 Cons:

  • May slightly increase CPU overhead during high traffic.

Default Value:
 TCP SYN cookies are often enabled by default on modern Linux systems.

Pre-requisites:

  • Root or sudo privileges to modify system network settings.

Remediation:

Test Plan:

Using Linux command line:

1. Check the current status of TCP SYN cookies:

sysctl net.ipv4.tcp_syncookies

2. Confirm the value is set to 1 (enabled).

Implementation Plan:

Using Linux command line:

1. Enable TCP SYN cookies temporarily:

sysctl -w net.ipv4.tcp_syncookies=1

2. Persist the setting by adding to /etc/sysctl.conf or a file in /etc/sysctl.d/:

net.ipv4.tcp_syncookies = 1
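
The Test Plan checks only the running kernel value, so a later file that sets the key back to 0 would go unnoticed until the next reboot. The script below is an added example, not part of this benchmark, that compares the runtime value with the last value assigned in the persisted files. The function names, return codes and file load order are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit net.ipv4.tcp_syncookies at
# runtime and in the persisted sysctl files.

# persisted_value FILE...
# Print the last value assigned to the key across FILEs, read in the order
# given (a later assignment overrides an earlier one). Prints nothing if
# the key is never set. Comment lines (# or ;) never match the pattern.
persisted_value() {
    last=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's|^[[:space:]]*-\{0,1\}net[./]ipv4[./]tcp_syncookies[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        if [ -n "$v" ]; then last=$v; fi
    done
    printf '%s' "$last"
}

# audit_syncookies RUNTIME_FILE CONF_FILE...
# Return 0 when the runtime and persisted values are both 1,
# 1 when the runtime value is not 1,
# 2 when the runtime value is 1 but the persisted value is not.
audit_syncookies() {
    runtime_file=$1
    shift
    runtime=$(cat "$runtime_file" 2>/dev/null) || runtime=""
    persisted=$(persisted_value "$@")
    if [ "$runtime" != "1" ]; then
        echo "FAIL: runtime value is '${runtime:-unreadable}', expected 1"
        return 1
    fi
    if [ "$persisted" != "1" ]; then
        echo "WARN: runtime is 1 but persisted value is '${persisted:-unset}'"
        return 2
    fi
    echo "PASS: runtime and persisted values are both 1"
}

# Live check, only when invoked with --live. The file order below is an
# assumption (drop-in directory first, /etc/sysctl.conf last); adjust it
# to the order your distribution loads sysctl files.
if [ "${1:-}" = "--live" ]; then
    audit_syncookies /proc/sys/net/ipv4/tcp_syncookies \
        /etc/sysctl.d/*.conf /etc/sysctl.conf
fi
```

A return code of 2 means the setting is active now but would not survive a reboot or a sysctl reload.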

Backout Plan:

Using Linux command line:

1. Disable TCP SYN cookies if necessary:

sysctl -w net.ipv4.tcp_syncookies=0

2. Update configuration files accordingly and reload sysctl.
