Differences
This shows you the differences between two versions of the page.
server-administration:hardening-tcpip-syn-flood [2010-06-28 22:20:21] garrett.plasky created |
server-administration:hardening-tcpip-syn-flood [2011-07-01 19:17:13] (current) garrett.plasky Approved |
||
---|---|---|---|
Line 11: | Line 11: | ||
The Linux kernel allows you to directly change the various parameters needed to mitigate against SYN flood attacks. We won't go into detail here about what each one does specifically, | The Linux kernel allows you to directly change the various parameters needed to mitigate against SYN flood attacks. We won't go into detail here about what each one does specifically, | ||
- | <code console># echo 1 > / | + | <sxh bash>echo 1 > / |
- | # echo 2048 > / | + | echo 2048 > / |
- | # echo 3 > / | + | echo 3 > / |
This sets the kernel to use the {{http:// | This sets the kernel to use the {{http:// | ||
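Review bot: the three `echo` lines lose the leading `# ` in the move from `<code console>` to `<sxh bash>`, and that prompt was the only thing marking them as commands run by root. Say in the sentence above the block, or in a comment on its first line, that these writes to kernel parameters need root, so the requirement does not disappear with the prompt.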
Line 21: | Line 21: | ||
To make these changes persist over consecutive reboots, we need to tell the sysctl system about these modified parameters. We use the < | To make these changes persist over consecutive reboots, we need to tell the sysctl system about these modified parameters. We use the < | ||
- | <code># TCP SYN Flood Protection | + | <sxh shell># TCP SYN Flood Protection |
net.ipv4.tcp_syncookies = 1 | net.ipv4.tcp_syncookies = 1 | ||
net.ipv4.tcp_max_syn_backlog = 2048 | net.ipv4.tcp_max_syn_backlog = 2048 | ||
- | net.ipv4.tcp_synack_retries = 3</code> | + | net.ipv4.tcp_synack_retries = 3</sxh> |
Your changes will now be permanent! | Your changes will now be permanent! | ||
{{tag> | {{tag> |
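Review bot: the block opened with `<sxh shell>` holds sysctl `key = value` settings such as `net.ipv4.tcp_syncookies = 1`, not shell commands, while the earlier block uses `<sxh bash>` for real commands. Use a plain-text highlighting mode for this fragment, or at least the same brush name in both blocks, so the settings file is not presented as something to type at a prompt.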