Hi, I'm having problems securing a Debian server against SYN flood attacks.

Setting /proc/sys/net/ipv4/tcp_syncookies = 1 didn't solve the problem. I get this in dmesg, and all network traffic sent is lost:

    [ 561.282950] possible SYN flooding on port 80. Sending cookies.
    [ 562.869160] dst cache overflow
    [ 562.873893] dst cache overflow
    [ 562.878144] dst cache overflow
    [ 562.881992] dst cache overflow

I've tried to set these parameters from a server protected against this attack (default Ubuntu installations are):

    /proc/sys/net/ipv4/route/error_burst:500
    /proc/sys/net/ipv4/route/error_cost:100
    /proc/sys/net/ipv4/route/gc_elasticity:8
    /proc/sys/net/ipv4/route/gc_interval:60
    /proc/sys/net/ipv4/route/gc_min_interval:0
    /proc/sys/net/ipv4/route/gc_min_interval_ms:500
    /proc/sys/net/ipv4/route/gc_thresh:65536
    /proc/sys/net/ipv4/route/gc_timeout:300
    /proc/sys/net/ipv4/route/max_size:1048576
    /proc/sys/net/ipv4/route/min_adv_mss:256
    /proc/sys/net/ipv4/route/min_pmtu:552
    /proc/sys/net/ipv4/route/mtu_expires:600
    /proc/sys/net/ipv4/route/redirect_load:2
    /proc/sys/net/ipv4/route/redirect_number:9
    /proc/sys/net/ipv4/route/redirect_silence:2048
    /proc/sys/net/ipv4/route/secret_interval:600

The "dst cache overflow" seems to have stopped, although my network traffic is still being lost.

Any successful configurations? Any ideas?

Thanks in advance.

Cheers.

--
Sergio Roberto Charpinel Jr.

