Hardware-logic-based mitigation is the only practical way to withstand large SYN floods. Software-based solutions, even those deployed on blade-center platforms, do not have the capability to perform SYN flood mitigation at high data rates.
Hardware logic can perform anti-spoofing using:
Depending on the size of the attack and suitability
Concurrent connection-based attacks on the rise
It is easy for hackers to hire a botnet that runs scripts which open connections and leave them in the established state after performing a proper 3-way TCP handshake.
A limited number of connections from many such botnet machines can easily overwhelm a server.
When the number of these attacker IPs is small, you can use software scripts to stop the attack with tools such as iptables and tcpkill.
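As an added example (not from the original article), here is the kind of software script described above for a small number of attacker IPs. It counts established connections per source address and emits iptables DROP rules for sources over a limit. The input layout assumed is that of `ss -Htn state established`; the sample lines, the threshold and the allowlist are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of `ss -Htn state established`:
# Recv-Q Send-Q Local:Port Peer:Port. Documentation-range addresses only.
SAMPLE_SS = "\n".join(
    [f"0 0 192.0.2.10:80 198.51.100.7:{40000 + i}" for i in range(5)]
    + ["0 0 [::ffff:192.0.2.10]:80 [::ffff:198.51.100.7]:40100"]
    + [f"0 0 [2001:db8::10]:80 [2001:db8::5]:{50000 + i}" for i in range(4)]
    + [f"0 0 192.0.2.10:80 203.0.113.20:{60000 + i}" for i in range(2)]
    + ["0 0 192.0.2.10:22 198.51.100.7:41000"]  # other service, ignored
)


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; fold them
    # into the plain IPv4 address so one client is not counted twice.
    return (getattr(ip, "ipv4_mapped", None) or ip), int(port)


def established_per_source(ss_output, service_port):
    """Count established connections to service_port per peer address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        try:
            (_, lport), (peer, _) = split_endpoint(fields[2]), split_endpoint(fields[3])
        except (IndexError, ValueError):
            continue  # header, blank or malformed line
        if lport == service_port:
            counts[peer] += 1
    return counts


def block_rules(counts, service_port, max_per_ip, allowlist=()):
    """Return iptables/ip6tables commands (for review, not executed here)."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    rules = []
    for ip, n in sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0]))):
        if n > max_per_ip and ip not in allowed:
            tool = "ip6tables" if ip.version == 6 else "iptables"
            rules.append(f"{tool} -I INPUT -s {ip} -p tcp --dport {service_port} -j DROP")
    return rules


if __name__ == "__main__":
    per_ip = established_per_source(SAMPLE_SS, 80)
    print("\n".join(block_rules(per_ip, 80, max_per_ip=3, allowlist=["203.0.113.20"])))
```

A DROP rule only stops further packets from the source. Sockets it already holds open stay on the server until they time out, which is the job the article assigns to tcpkill-like tools.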
You can try an Nginx constellation reverse proxy configuration and a DNS round-robin mechanism to reduce the pressure. In practice, though, this doesn’t seem to work, as it requires multiple machines to be managed.
A hardware-logic-based solution that monitors all connections for behavioral anomalies can easily stop such attacks and aggressively age out the connections, both internally and on the servers, by sending a TCP RST on behalf of the client.
Social sites that publish objectionable material will now be easy targets for attacks. This is a new trend.
These are different from socially networked attacks, where a social network is used for launching an attack on a site.
Recently there was a battle between two sites, 4chan and Tumblr. Members of the two sites have come to blows over who "owns" Internet memes, and some on the 4chan message board called for "Operation Overlord" - a DDoS attack targeted against the microblogging site. Tumblr users have threatened to respond by filling the 4chan boards with pictures of kittens.