On most current Linux servers, we can enable syncookies to help defend syn flood attack. On newer kernels (kernel version >= 2.6.26), there is also is the "tcp_timestamp" option

sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_synack_retries=3

References:

• http://www.securityfocus.com/infocus/1729
• http://lwn.net/Articles/277146/

More reference on defense against syn flood:

• http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_f...