If you believe you are under a SYN attack, run the following command:
* netstat -an |grep :80 |more
You will see a list like the following, however there will be serveral hundred entries:
tcp 0 0 12.34.56.78:80 211.48.6.244:1048 SYN_RECV
tcp 0 0 12.34.56.78:80 128.223.93.135:1167 SYN_RECV
tcp 0 0 12.34.56.78:80 194.15.197.170:1192 SYN_RECV
tcp 0 0 12.34.56.78:80 199.155.53.109:1039 SYN_RECV
tcp 0 0 12.34.56.78:80 4.168.188.28:1048 SYN_RECV
Assuming your kernel was built with syncookie support, execute the following command as root:
* echo 1 > /proc/sys/net/ipv4/tcp_syncookies
If it's not enabled, there isn't much you can do other than build a new kernel and reboot and use it or wait out the attack. Some datacenters can help with this as well.