Lot of SYN flooding requests on Compute Engine Instances

[Nuthan Kumar]

Hi, 

At times, there's SYN flooding on port 80 on the instances which have public IPs, leading to Kernel panic. This brings the server down due to insufficient CPU/Memory.

kernel: possible SYN flooding on port 80. Sending cookies.

Ideally, How do we get over this problem?

Thanks,

Nuthan.

[Irina (Google Cloud Support)]

You can enable SYN flood protection ‘net.ipv4.tcp_syncookies = 1’ by editing the kernel security settings file ‘/etc/sysctl.conf’ as outlined at this article. Also, you can use Google load balancing in your infrastructure that mitigates and absorbs many attacks including SYN floods. Another item that might be interested to you is the best practices for DDoS protection and mitigation on Google Cloud Platform.