On Tue, 29 Jan 2002 23:47:06 CST, John Coke said:

> The only chink, if you will, is the protection
> against SYN flooding. I see 2 solutions and would like the forum's input.
> The first is using syncookies and the second is Netfilter's rate limiting.

Another mitigation against SYN flooding is increasing the value of
/proc/sys/net/ipv4/tcp_max_syn_backlog. On 2.2 kernels, I believe the value
defaults to 128, and on 2.4 kernels I believe the default is 1024.

If your init scripts invoke sysctl during boot (like Red Hat), put this in
/etc/sysctl.conf:

    # Reduce SYN Floods
    net.ipv4.tcp_max_syn_backlog=4096

Replace "4096" with whatever you are comfortable with.

Or from the command line:

    # echo 4096 >/proc/sys/net/ipv4/tcp_max_syn_backlog

-- 
Lee E. Brotzman
Allied Technology Group
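An audit for the two settings discussed in this thread, added here as an example and not part of anyone's post: a POSIX shell script that parses a sysctl.conf-style file (honouring comments, spaces around "=", and last-assignment-wins ordering) and reports whether tcp_max_syn_backlog reaches a chosen floor and tcp_syncookies is enabled. The file names and values it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit SYN-flood sysctl settings in a sysctl.conf-style file.

# Print the value last assigned to KEY ($1) in FILE ($2). sysctl applies
# lines in order, so a later assignment overrides an earlier one.
sysctl_conf_get() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                          # strip trailing comments
        /=/ {
            split($0, kv, "=")
            gsub(/^[ \t]+|[ \t]+$/, "", kv[1])      # trim key
            gsub(/^[ \t]+|[ \t]+$/, "", kv[2])      # trim value
            if (kv[1] == key) val = kv[2]           # last assignment wins
        }
        END { if (val != "") print val }
    ' "$2"
}

# Return 0 when FILE ($1) raises tcp_max_syn_backlog to at least MIN ($2,
# default 4096) and turns syncookies on; otherwise print what is missing
# and return 1.
check_syn_flood_settings() {
    file="$1"; min="${2:-4096}"; rc=0
    backlog=$(sysctl_conf_get net.ipv4.tcp_max_syn_backlog "$file")
    cookies=$(sysctl_conf_get net.ipv4.tcp_syncookies "$file")
    if [ -z "$backlog" ] || [ "$backlog" -lt "$min" ]; then
        echo "$file: tcp_max_syn_backlog=${backlog:-unset} (want >= $min)"; rc=1
    fi
    if [ "$cookies" != "1" ]; then
        echo "$file: tcp_syncookies=${cookies:-unset} (want 1)"; rc=1
    fi
    return $rc
}

# Constructed sample files: one hardened (backlog set twice, last wins),
# one that only leaves the 2.2-era default in place.
tmpdir=$(mktemp -d)
cat > "$tmpdir/hardened.conf" <<'EOF'
# Reduce SYN Floods
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_syn_backlog=4096   # raised again further down
net.ipv4.tcp_syncookies = 1
EOF
cat > "$tmpdir/weak.conf" <<'EOF'
net.ipv4.tcp_max_syn_backlog = 128
EOF

for f in "$tmpdir/hardened.conf" "$tmpdir/weak.conf"; do
    if check_syn_flood_settings "$f" 4096; then echo "$f: OK"; fi
done
```

Point the two functions at the real /etc/sysctl.conf to audit a host's boot-time configuration; the live kernel value is still what /proc/sys/net/ipv4/tcp_max_syn_backlog reports.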