I check my Squid and I have exact values as you mention on tcp_syncookies and
tcp_max_syn_backlog
$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
I will check how can I implement it on iptables or if you have link can please
forward it to me.
Thanks again,
Wennie
>
>Quoting Emilio Casbas <ecasbas@unav.es>:
>
> wlagmay@yanbulink.net wrote:
> > Hi all,
> >
> > I can see a message on my log files "possible SYN flooding on port 8080.
> > Sending cookies." not on access.log and cache.log, but I've seen this on
> the
> > message.log.
> >
> > Is this a big problem? how can I prevent this?
> >
> > Thanks,
> >
> > Wennie
> >
> >
> >
> >
> You can enable syn-cookies (prevent syn-flood attacks):
> $ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
>
> or
>
> reduce number of possible SYN Floods:
> $ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
>
> you can need a iptables script and see the 'limit' module in iptables.
>
> Thanks
> Emilio C.
>
>
>
Received on Tue Jun 20 2006 - 05:42:48 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:02 MDT