Block it fast with CSF:
SYNFLOOD = “1”
SYNFLOOD_RATE = “30/s”
SYNFLOOD_BURST = “5”
Good Articles
- http://www.cyberciti.biz/faq/check-network-connection-linux/
- http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html
Checkout TCPTrack: http://pkgs.repoforge.org/tcptrack/tcptrack-1.4.0-1.el6.rf.x86_64.rpm