Oh i see, thank you for your explanation.
On Wed, May 15, 2013 at 9:22 PM, Reindl Harald <[email protected]>wrote: > > > Am 15.05.2013 16:16, schrieb Ian Kinch: > > So, you said that it is impossible, right? > > no, i said it makes no sense > > the kernel itself has the capabilities for syncookies > and there is zero reason to bother the application > layer with this, that is the same as ratecontrols > belong in the iptables-layer and not in the attacked > application > > * put "net.ipv4.tcp_syncookies = 1" in your sysctl.conf > * type "sysctl -p" > > > On Wed, May 15, 2013 at 9:15 PM, Reindl Harald > > <[email protected]<mailto: > [email protected]>> wrote: > > > > > > Am 15.05.2013 15:46, schrieb Ian Kinch: > > > i want to make a little modification in TCP stack. Instead reply > SYN+ACK, apache will send SYNCOOKIE. > > > i am trying to built a anti-DDoS that mimic a flash crowd. > > > Sorry, if my question is little bit confusing, my english is not > that good > > > > this does not belong in the daemon itself! > > > > [root@srv-rhsoft:~]$ sysctl net.ipv4.tcp_syncookies > > net.ipv4.tcp_syncookies = 1 > > -- ============== *Regrads, * *Ian Febrian Reza M Yulianto*
