Re: Mitigating SYN flooding with Netfilter or net.ipv4.tcp_syncookies ?
From: Lee E. Brotzman (leb@gmss.com)
Date: 01/31/02
- Previous message: David Correa: "Re: apache and nimbda"
- Next in thread: Harald Skoglund: "Re: Mitigating SYN flooding with Netfilter or net.ipv4.tcp_syncookies ?"
- Reply: Harald Skoglund: "Re: Mitigating SYN flooding with Netfilter or net.ipv4.tcp_syncookies ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Focus-Linux (E-mail)" <focus-linux@securityfocus.com>
Date: Thu, 31 Jan 2002 09:26:00 -0500
From: "Lee E. Brotzman" <leb@gmss.com>
On Tue, 29 Jan 2002 23:47:06 CST, John Coke said:
> The only ***, if you will, is the protection
> against SYN flooding. I see 2 solutions and would like the forum's input.
> The first is using syncookies and the second is Netfilter's rate limiting.
Another mitigation against SYN flooding is increasing the value of
/proc/sys/net/ipv4/tcp_max_syn_backlog. On 2.2 kernels, I believe the value
defaults to 128, and on 2.4 kernels I believe the default is 1024. If your
init scripts invoke sysctl during boot (like Red Hat), put this in
/etc/sysctl.conf:
# Reduce SYN Floods
net.ipv4.tcp_max_syn_backlog=4096
Replace "4096" with whatever you are comfortable with.
Or from the command line:
# echo 4096 >/proc/sys/net/ipv4/tcp_max_syn_backlog
-- -- Lee E. Brotzman -- Allied Technology Group
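The backlog tuning described in the post, as an added POSIX shell example that is not part of the original message: it audits the two kernel knobs the thread discusses (tcp_max_syn_backlog and tcp_syncookies), applies the same echo the post shows, and emits the persistent /etc/sysctl.conf lines. The function names, the SYN_BACKLOG_MIN threshold of 4096 (the post's own value, which it says to adjust to taste) and the ROOT parameter (so the functions can be exercised against a constructed /proc tree instead of the live kernel) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's own script. Reads and sets the SYN-flood
# knobs under ROOT/net/ipv4, where ROOT defaults to /proc/sys.

# Threshold for the audit. Assumption: the post's 4096; pick your own.
SYN_BACKLOG_MIN=4096

# is_uint VALUE -> succeeds only for a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# read_knob ROOT NAME -> prints the integer in ROOT/net/ipv4/NAME,
# fails if the file is absent or unreadable.
read_knob() {
    knob="$1/net/ipv4/$2"
    [ -r "$knob" ] || return 1
    tr -d '[:space:]' < "$knob"
}

# audit_syn_settings [ROOT] -> 0 when syncookies are enabled and the
# backlog is at least SYN_BACKLOG_MIN, 1 otherwise; one line per finding.
audit_syn_settings() {
    root="${1:-/proc/sys}"
    rc=0
    backlog=$(read_knob "$root" tcp_max_syn_backlog) || backlog=""
    cookies=$(read_knob "$root" tcp_syncookies) || cookies=""
    if ! is_uint "$backlog" || [ "$backlog" -lt "$SYN_BACKLOG_MIN" ]; then
        echo "tcp_max_syn_backlog=${backlog:-missing} (want >= $SYN_BACKLOG_MIN)"
        rc=1
    fi
    if [ "$cookies" != "1" ]; then
        echo "tcp_syncookies=${cookies:-missing} (want 1)"
        rc=1
    fi
    return $rc
}

# set_syn_backlog ROOT VALUE -> the post's "echo 4096 > .../tcp_max_syn_backlog",
# refusing non-numeric input so a typo never reaches /proc.
set_syn_backlog() {
    root="${1:-/proc/sys}"
    value="$2"
    if ! is_uint "$value"; then
        echo "set_syn_backlog: '$value' is not a number" >&2
        return 2
    fi
    echo "$value" > "$root/net/ipv4/tcp_max_syn_backlog"
}

# sysctl_conf_lines -> the persistent form for /etc/sysctl.conf.
sysctl_conf_lines() {
    printf '# Reduce SYN Floods\nnet.ipv4.tcp_max_syn_backlog=%s\nnet.ipv4.tcp_syncookies=1\n' \
        "$SYN_BACKLOG_MIN"
}

# make_fake_proc DIR BACKLOG COOKIES -> constructed /proc tree for dry runs.
make_fake_proc() {
    mkdir -p "$1/net/ipv4"
    echo "$2" > "$1/net/ipv4/tcp_max_syn_backlog"
    echo "$3" > "$1/net/ipv4/tcp_syncookies"
}

# Stand-alone run: audit the live kernel when /proc/sys is available.
if [ -r /proc/sys/net/ipv4/tcp_max_syn_backlog ]; then
    audit_syn_settings /proc/sys && echo "SYN settings OK"
fi
```

Run it as root to audit the live box; to rehearse, call make_fake_proc on a temp directory and point the other functions at it. The two settings are complementary rather than alternatives: a larger backlog gives the kernel room to hold more half-open connections before the SYN queue overflows, and syncookies only come into play once it does, so raising the backlog alone merely delays the point at which a sustained flood is felt.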