You can tune your server to avoid slowdown during an attack.
We recommend to set this only if you know what you are doing.
net.ipv4.ip_local_port_range=32768 61000 net.ipv4.tcp_dsack=0 net.ipv4.tcp_ecn=0 net.ipv4.tcp_fack=0 net.ipv4.tcp_fin_timeout=1 net.ipv4.tcp_keepalive_intvl=10 net.ipv4.tcp_keepalive_probes=3 net.ipv4.tcp_keepalive_time=30 net.ipv4.tcp_low_latency=1 net.ipv4.tcp_max_orphans=524288 net.ipv4.tcp_max_syn_backlog=2048 net.ipv4.tcp_no_metrics_save=1 net.ipv4.tcp_retries2=10 net.ipv4.tcp_sack=1 net.ipv4.tcp_slow_start_after_idle=0 net.ipv4.tcp_synack_retries=3 net.ipv4.tcp_syncookies=2 net.ipv4.tcp_timestamps=1 net.ipv4.tcp_tw_recycle=1 net.ipv4.tcp_tw_reuse=1 net.ipv4.tcp_window_scaling=1