# TCP: SYN cookies enabled due to high connection rate on port 443, dropping connections

- **ID:** `networking/tcp-syn-cookies-enabled`
- **Domain:** networking
- **Category:** network_error
- **Verification:** ai_generated
- **Fix Rate:** 85%

## Root Cause

The kernel detected a high rate of incoming SYN packets on a port and enabled SYN cookies as a defense against SYN flood attacks. Legitimate connections can be dropped if cookie validation fails.
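To check whether cookies were actually issued and whether validation failed during a given interval, compare the `TcpExt` counters `SyncookiesSent`, `SyncookiesFailed` and `ListenOverflows` from `/proc/net/netstat` across two snapshots. The script below is an added example, not part of the original entry; the snapshot values are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare SYN-cookie counters between two /proc/net/netstat snapshots.

# Constructed snapshots in the header-line/value-line layout of /proc/net/netstat.
HDR='TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops'
BEFORE="$HDR
TcpExt: 5000 4900 30 12 40"
AFTER="$HDR
TcpExt: 5120 4980 37 12 49"

# tcpext_counter NAME: read a snapshot on stdin, print one TcpExt counter.
# Exits non-zero if the snapshot does not contain that counter.
tcpext_counter() {
    awk -v want="$1" '
        $1 != "TcpExt:" { next }
        !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        { if (want in col) { print $(col[want]); found = 1 } exit }
        END { exit !found }
    '
}

# counter_delta NAME BEFORE AFTER: growth of one counter between snapshots.
counter_delta() {
    a=$(printf '%s\n' "$2" | tcpext_counter "$1") || return 1
    b=$(printf '%s\n' "$3" | tcpext_counter "$1") || return 1
    echo $((b - a))
}

# syncookie_verdict BEFORE AFTER: classify what happened in the interval.
syncookie_verdict() {
    sent=$(counter_delta SyncookiesSent "$1" "$2") || return 1
    failed=$(counter_delta SyncookiesFailed "$1" "$2") || return 1
    acceptq=$(counter_delta ListenOverflows "$1" "$2") || return 1
    if [ "$sent" -eq 0 ]; then echo "no-cookies-sent"
    elif [ "$acceptq" -gt 0 ]; then echo "cookies-sent accept-queue-overflow"
    elif [ "$failed" -gt 0 ]; then echo "cookies-sent validation-failures=$failed"
    else echo "cookies-sent all-validated"
    fi
}

# On a live host: B=$(cat /proc/net/netstat); sleep 10; A=$(cat /proc/net/netstat)
syncookie_verdict "$BEFORE" "$AFTER"
```

A growing `ListenOverflows` points at a full accept queue (the application is not calling `accept()` fast enough), which is a different bottleneck from the SYN backlog the workarounds below adjust.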

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| Linux 5.15+ | active | — | — |
| Linux 6.1+ | active | — | — |
| Ubuntu 22.04 | active | — | — |
| Debian 12 | active | — | — |

## Workarounds

1. **Increase the SYN backlog and reduce the threshold for SYN cookies** (85% success)
   ```
   # Run as root; values set with sysctl -w do not persist across reboots
   sysctl -w net.ipv4.tcp_max_syn_backlog=8192 && sysctl -w net.ipv4.tcp_synack_retries=2
   ```
2. **Use a load balancer or reverse proxy (e.g., Nginx) to distribute incoming connections and reduce the SYN rate on the backend server** (90% success)

## Dead Ends

- **** — This leaves the server vulnerable to SYN flood attacks and may cause resource exhaustion under high traffic. (70% fail)
- **** — A high backlog does not prevent SYN cookies from being enabled when the SYN rate exceeds the threshold. (85% fail)
