Re: tcp syn flood and /proc configuration

2002-05-09 Thread Peter Cordes
On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote: > Hello Vincent Hanquez <[EMAIL PROTECTED]>, > > But this option seems to bring some side-effect. Is there any > alternative? > > tcp_syncookies - BOOLEAN > Only valid when the kernel was compiled with CONFIG_SYNCOOKIES >

Re: tcp syn flood and /proc configuration

2002-05-07 Thread Vincent Hanquez
On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote: > > But this option seems to bring some side-effect. Is there any > alternative? imho the better way is to use syncookie. problems written on the ip-sysctl documentation are more or less normal. there's not a very good way to know if

Re: tcp syn flood and /proc configuration

2002-05-07 Thread Patrick Hsieh
Hello Vincent Hanquez <[EMAIL PROTECTED]>, But this option seems to bring some side-effect. Is there any alternative? tcp_syncookies - BOOLEAN Only valid when the kernel was compiled with CONFIG_SYNCOOKIES Send out syncookies when the syn backlog queue of a socket overflow

Re: tcp syn flood and /proc configuration

2002-05-07 Thread Vincent Hanquez
On Tue, May 07, 2002 at 10:26:43PM +0800, Patrick Hsieh wrote: > Hello list, > > Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/* > to avoid tcp syn flood attack? there a kernel option "IP: TCP syncookie support" to do that you can activate it with : echo 1 > /proc/sys/net/

Re: tcp syn flood and /proc configuration

2002-05-07 Thread Vincent Hanquez
On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote: > > But this option seems to bring some side-effect. Is there any > alternative? imho the better way is to use syncookie. problems written on the ip-sysctl documentation are more or less normal. there's not a very good way to know if

Re: tcp syn flood and /proc configuration

2002-05-07 Thread Patrick Hsieh
Hello Vincent Hanquez <[EMAIL PROTECTED]>, But this option seems to bring some side-effect. Is there any alternative? tcp_syncookies - BOOLEAN Only valid when the kernel was compiled with CONFIG_SYNCOOKIES Send out syncookies when the syn backlog queue of a socket overflo

tcp syn flood and /proc configuration

2002-05-07 Thread Patrick Hsieh
Hello list, Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/* to avoid tcp syn flood attack? After reading Documentation/networking/ip-sysctl.txt, I'd like to change tcp_syn_retries tcp_synack_retries both to "1", does it help? Any suggestion highly appreciated. -- Patri

Re: tcp syn flood and /proc configuration

2002-05-07 Thread Vincent Hanquez
On Tue, May 07, 2002 at 10:26:43PM +0800, Patrick Hsieh wrote: > Hello list, > > Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/* > to avoid tcp syn flood attack? there a kernel option "IP: TCP syncookie support" to do that you can activate it with : echo 1 > /proc/sys/net

tcp syn flood and /proc configuration

2002-05-07 Thread Patrick Hsieh
Hello list, Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/* to avoid tcp syn flood attack? After reading Documentation/networking/ip-sysctl.txt, I'd like to change tcp_syn_retries tcp_synack_retries both to "1", does it help? Any suggestion highly appreciated. -- Patr