I still don't understand this SYN attack, but now I can block it easily
Summary
The post details a real-world SYN flood-like traffic pattern from Brazilian sources, how the author uses iptables to log the traffic and a TTL-based rule to block it, and reports a significant drop in half-open connections after implementing the rule. It notes uncertainty about the attack's underlying cause and offers practical but potentially risky defense steps for small networks.
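The step between logging and blocking is finding out whether the unwanted SYNs share a TTL at all. The following is an added example, not code from the original post: it tallies bare-SYN packets per TTL from iptables LOG lines and proposes a TTL match rule only when one TTL dominates. The log prefix, addresses, TTL values and the min_share/min_sources thresholds are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format written by an iptables LOG rule.
# Addresses are documentation ranges; the TTL values are invented.
LINE_TEMPLATE = ("kernel: SYNLOG IN=eth0 OUT= SRC={src} DST=192.0.2.1 LEN=60 "
                 "TOS=0x00 PREC=0x00 TTL={ttl} ID=0 DF PROTO=TCP SPT=40000 "
                 "DPT=443 WINDOW=29200 RES=0x00 {flags} URGP=0")
ROWS = [("198.51.100.10", 44, "SYN"), ("198.51.100.11", 44, "SYN"),
        ("198.51.100.12", 44, "SYN"), ("198.51.100.13", 44, "SYN"),
        ("198.51.100.10", 44, "SYN"), ("198.51.100.14", 44, "SYN"),
        ("203.0.113.5", 57, "SYN"), ("203.0.113.9", 118, "SYN"),
        ("203.0.113.7", 57, "ACK SYN")]  # SYN-ACK: must not be counted
SAMPLE_LOG = "\n".join(LINE_TEMPLATE.format(src=s, ttl=t, flags=f)
                       for s, t, f in ROWS)

FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def syn_ttl_histogram(log):
    """Count bare-SYN packets per TTL and collect the sources seen per TTL."""
    hist, sources = Counter(), {}
    for line in log.splitlines():
        fields = dict(FIELD.findall(line))
        flags = TCP_FLAGS & set(line.split())
        if fields.get("PROTO") != "TCP" or flags != {"SYN"}:
            continue  # skip non-TCP and anything that is not a bare SYN
        if not fields.get("TTL", "").isdigit():
            continue  # malformed or truncated line
        ttl = int(fields["TTL"])
        hist[ttl] += 1
        sources.setdefault(ttl, set()).add(fields.get("SRC"))
    return hist, sources

def dominant_ttl(log, min_share=0.6, min_sources=3):
    """Return a TTL only if it carries most SYNs and spans several sources."""
    hist, sources = syn_ttl_histogram(log)
    total = sum(hist.values())
    if total == 0:
        return None
    ttl, count = hist.most_common(1)[0]
    if count / total >= min_share and len(sources[ttl]) >= min_sources:
        return ttl
    return None

def candidate_rule(ttl):
    # Legitimate clients arriving with the same TTL are dropped as well.
    return f"iptables -I INPUT -p tcp --syn -m ttl --ttl-eq {ttl} -j DROP"

if __name__ == "__main__":
    print(candidate_rule(dominant_ttl(SAMPLE_LOG)))
```

A `None` result means no single TTL stands out, in which case a TTL match would drop an arbitrary slice of traffic rather than the flood.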