On 12 Dec 2000, at 20:55, Mike Sensney wrote:
> I was reading Steve Gibson's site today and came across an interesting
> article on how he implemented SYN Flood protection for his site.
> That fix is in the kernel right now. It is disabled by default. Maybe
> it should be enabled for LRP/LEAF.
>
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
This has already been done in the Oxygen distribution. Here is a
condensation of the /etc/sysctl.conf contained in Oxygen, which
contains this and other kernel-level protections:
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.ip_always_defrag = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
kernel.sysrq = 1
...yes, the SysReq key works :-)
Most all of these (except kernel.sysrq) are network security
settings. You may wish to consider them.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
[EMAIL PROTECTED]
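
Added example, not part of the original message or the Oxygen distribution: a shell function that audits a sysctl.conf-style file against a subset of the settings listed above and flags keys that are weakened, missing, or malformed (for instance a space where a dot belongs). The function name, the EXPECTED subset and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against settings from the list above.
# EXPECTED is a subset chosen for this example (an assumption, not Oxygen's policy).
EXPECTED='net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0'

# audit_sysctl_conf FILE: print one finding per line (MALFORMED, WEAK or MISSING).
audit_sysctl_conf() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
        { want[$1] = $2; order[++n] = $1 }          # load the expected values
        END {
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*([#;]|$)/) continue   # comment or blank line
                eq = index(line, "=")
                if (!eq) { print "MALFORMED " line; continue }
                key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                # A key with embedded whitespace (such as a dropped dot) names
                # no /proc/sys entry, so that setting is never applied.
                if (key ~ /[ \t]/) { print "MALFORMED " key; continue }
                have[key] = val                          # last assignment wins
            }
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have)) print "MISSING " k " (want " want[k] ")"
                else if (have[k] != want[k]) print "WEAK " k " = " have[k] " (want " want[k] ")"
            }
        }'
}

# Constructed sample file (not from a real host) with three kinds of problem.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
net.ipv4.tcp_syncookies = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all accept_source_route = 0
EOF
audit_sysctl_conf "$sample"
```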