On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote:
> Hello Vincent Hanquez <[EMAIL PROTECTED]>,
>
> But this option seems to bring some side-effect. Is there any
> alternative?
>
> tcp_syncookies - BOOLEAN
> Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
>
On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote:
>
> But this option seems to bring some side-effect. Is there any
> alternative?
imho the better way is to use syncookie.
problems written on the ip-sysctl documentation are more or less normal.
there's not a very good way to know if
Hello Vincent Hanquez <[EMAIL PROTECTED]>,
But this option seems to bring some side-effect. Is there any
alternative?
tcp_syncookies - BOOLEAN
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
Send out syncookies when the syn backlog queue of a socket
overflow
On Tue, May 07, 2002 at 10:26:43PM +0800, Patrick Hsieh wrote:
> Hello list,
>
> Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/*
> to avoid tcp syn flood attack?
there a kernel option "IP: TCP syncookie support" to do that
you can activate it with :
echo 1 > /proc/sys/net/
On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote:
>
> But this option seems to bring some side-effect. Is there any
> alternative?
imho the better way is to use syncookie.
problems written on the ip-sysctl documentation are more or less normal.
there's not a very good way to know if
Hello Vincent Hanquez <[EMAIL PROTECTED]>,
But this option seems to bring some side-effect. Is there any
alternative?
tcp_syncookies - BOOLEAN
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
Send out syncookies when the syn backlog queue of a socket
overflo
Hello list,
Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/*
to avoid tcp syn flood attack?
After reading Documentation/networking/ip-sysctl.txt, I'd like to change
tcp_syn_retries
tcp_synack_retries
both to "1", does it help? Any suggestion highly appreciated.
--
Patri
On Tue, May 07, 2002 at 10:26:43PM +0800, Patrick Hsieh wrote:
> Hello list,
>
> Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/*
> to avoid tcp syn flood attack?
there a kernel option "IP: TCP syncookie support" to do that
you can activate it with :
echo 1 > /proc/sys/net
Hello list,
Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/*
to avoid tcp syn flood attack?
After reading Documentation/networking/ip-sysctl.txt, I'd like to change
tcp_syn_retries
tcp_synack_retries
both to "1", does it help? Any suggestion highly appreciated.
--
Patr
9 matches
Mail list logo