I need to know what kind of setting I have to configure in suricata.yaml or in the rules to protect my host from a SYN flood.
I've configured it to drop them using the following rule:
drop tcp any any -> $HOME_NET 80 (msg:"HPING3"; ttl:64; flags:S; threshold:type threshold, track by_dst, count 100, seconds 5; classtype:attempted-dos; sid:1; rev:1; metadata:created_at 2020_06_11, updated_at 2020_06_11;)
But the problem then is that every HTTP request from the client cannot be processed, because iptables is blocking port 80.
Is there any reference for this? I've been looking for one, but the topic on Suricata is too broad, whereas I have little time to finish this.
Hope anyone can help me solve this problem.
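An added example of how the rule above can be reworked (example rules written for this thread, not the poster's own): the original used the http protocol, which Suricata only assigns after the TCP handshake and request data, so such a rule never sees a bare SYN, and a by_dst drop would discard packets to the server regardless of which client sent them. The counts, windows and SIDs are assumed values to be tuned to the host's normal load.

```suricata
# Detect a SYN rate spike towards the web server.
# flow:stateless lets the rule match packets that belong to no established flow,
# flags:S,12 means SYN only, ignoring the CWR/ECE bits that some stacks set.
# threshold type both: alert at most once per 5-second window per destination
# once 200 SYNs have been seen, so a flood produces one alert instead of thousands.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Possible SYN flood against web server"; flow:stateless; flags:S,12; threshold:type both, track by_dst, count 200, seconds 5; classtype:attempted-dos; sid:1000001; rev:1;)

# Drop only the SYNs from a single source that exceed the rate.
# detection_filter matches every packet after the count is reached within the
# window (threshold type threshold matches only every Nth packet), and tracking
# by_src keeps well-behaved clients' SYNs to port 80 flowing.
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SYN flood source rate exceeded"; flow:stateless; flags:S,12; detection_filter:track by_src, count 100, seconds 5; classtype:attempted-dos; sid:1000002; rev:1;)
```

The drop action only takes effect when Suricata runs inline (NFQUEUE or AF_PACKET IPS mode); in IDS mode it logs like an alert, and blocking of port 80 that persists after the rule is disabled comes from iptables itself, not from these rules.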