Am 15.05.2013 16:16, schrieb Ian Kinch: > So, you said that it is impossible, right?
no, i said it makes no sense the kernel itself has the capabilities for syncookies and there is zero reason to bother the application layer with this, that is the same as ratecontrols belong in the iptables-layer and not in the attacked application * put "net.ipv4.tcp_syncookies = 1" in your sysctl.conf * type "sysctl -p" > On Wed, May 15, 2013 at 9:15 PM, Reindl Harald <[email protected] > <mailto:[email protected]>> wrote: > > > Am 15.05.2013 15:46, schrieb Ian Kinch: > > i want to make a little modification in TCP stack. Instead reply > SYN+ACK, apache will send SYNCOOKIE. > > i am trying to built a anti-DDoS that mimic a flash crowd. > > Sorry, if my question is little bit confusing, my english is not that > good > > this does not belong in the daemon itself! > > [root@srv-rhsoft:~]$ sysctl net.ipv4.tcp_syncookies > net.ipv4.tcp_syncookies = 1
signature.asc
Description: OpenPGP digital signature
