I've been messing around with so many configs over the past 24 hours without success. I'm being attacked by a SYN flood and the attacker still does damage; legitimate traffic doesn't get through.
The problem is only with initializing new connections. If someone successfully connects to my server, he doesn't suffer from any delays or so.
Here is my csf.conf:
-- deleted link --
Here are the last few lines of /var/log/message:
-- deleted code --
Only 1 port (2106) is being attacked by many IP addresses. The firewall seems to detect them, but still nobody can establish a new connection on this port.
Here are some images with traffic from real time monitor:
http://oi61.tinypic.com/24q6cr9.jpg
http://oi62.tinypic.com/eaqvsw.jpg
It's a dedicated server with a 250mbps connection, 120 GB SSD, 16 GB RAM, Intel i7.
Please help me out, thank you!
Need urgent help please!
Last edited by sahar on 21 Oct 2019, 16:25, edited 1 time in total.
Re: Need urgent help please!
Hi,
Here's how to defend against SYN flood attacks - http://searchsecurity.techtarget.com/an ... ood-attack
Re: Need urgent help please!
Are the users of this server around the world?
Are the IP attackers coming from countries that you don't allow into your server?
If so, make a list of the attacks and block port 2106 for those countries in CC_DENY_PORTS, and deny access to port 2106 in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP as a first measure.
Installing MOD_QoS could help you as well.
Word of caution: never display your firewall configuration to the world, as you are giving useful information to a hacker. In your configuration I can see that you use, for example, port 22, and your IP is written in your message under "DST=". Giving this info to the world is really bad, so you should expect a lot more attacks on your server.
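The first step suggested in the reply above, making a list of the sources hitting port 2106, can be done from the firewall log. This is an added example, not part of the thread: it assumes the log uses the standard kernel netfilter LOG fields (SRC=, DPT=, TCP flags), and the sample lines, the "Firewall:" prefix, the addresses and the names `syn_source` and `tally` are constructed for illustration. It also groups sources by /24, which goes slightly beyond a plain per-IP list.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample in the kernel netfilter LOG format; the prefix and all
# addresses (documentation ranges) are assumptions, not the poster's log.
SAMPLE_LOG = """\
Oct 21 16:01:02 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=2106 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 16:01:02 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=2106 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 16:01:03 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=2106 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 16:01:03 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 16:01:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.8 DST=192.0.2.10 LEN=52 TTL=50 PROTO=TCP SPT=33001 DPT=2106 WINDOW=29200 RES=0x00 ACK SYN URGP=0
Oct 21 16:01:05 srv CRON[123]: unrelated line
"""

LINE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?RES=\S+ (?P<flags>[A-Z ]*?)URGP=")

def syn_source(line, port):
    """Return the source IP if the line logs a bare SYN to `port`, else None."""
    m = LINE.search(line)
    if not m or int(m["dpt"]) != port:
        return None
    flags = m["flags"].split()
    # A connection attempt carries SYN without ACK; "ACK SYN" is a reply.
    return m["src"] if "SYN" in flags and "ACK" not in flags else None

def tally(log_text, port=2106):
    """Count logged SYNs per source IP and per /24 for one destination port."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        src = syn_source(line, port)
        if src:
            per_ip[src] += 1
            per_net[str(ip_network(f"{src}/24", strict=False))] += 1
    return per_ip, per_net

if __name__ == "__main__":
    ips, nets = tally(SAMPLE_LOG)
    for net, n in nets.most_common():
        print(f"{n:6d}  {net}")
```

Mapping the resulting addresses to countries for CC_DENY_PORTS needs a GeoIP database, which is not shown here.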