thanks for the quick reply,
i do have iptables set up and use all kinds of settings that i red of the internet
iptables -A INPUT -s any/0 -p tcp --syn -j DROP
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts /for smurf etc..
sysctl -w net.ipv4.tcp_max_syn_backlog="2048" to max the open pipes..
but im unsure how to setup the other things u mentioned.. Sanity check, xmas, null...
But what I've seen is that even if i drop the syn_ack they still get recieved, so there is no chance of saving that bw but it still succedes in killing my connection and makes it almost impossible to ssh to the box
* The apache is off, this is towards the ssh port or any port that they find open...
* should i really RETURN the syn requests? isn't it better to DROP that to?