On Mon, 2004-09-27 at 13:52, Jiann-Ming Su wrote:
> I'd like to know what some of these proc parameters mean as well.
> What we're experiencing is a SYN flood attack that's filling up the
> connection tables. What I'd like to do is change the timeout to 5
> seconds, instead of the default 30 seconds.

in the case of a SYN flood attack--you'd probably be better off
utilizing the limit match, rather than mucking with global timeout
values.

in any case--the timeout value you would probably be interested in
changing in the case of a SYN flood attack would be:

  sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv=X

where your proposed X=5. the default i have here for that value is 60
seconds.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
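
Added example, not part of the original message: a simplified model of why the reply prefers the limit match over a shorter SYN_RECV timeout. It steps time in whole seconds and assumes every accepted SYN leaves one half-open conntrack entry until the timeout; the flood rate, limit and burst are constructed sample values, and the function name is hypothetical.

```python
"""Simplified model (added example): half-open conntrack entries during a SYN flood.

Compares shortening the SYN_RECV timeout with rate-limiting new SYNs, e.g.
  iptables -A INPUT -p tcp --syn -m limit --limit 25/s --limit-burst 50 -j ACCEPT
  iptables -A INPUT -p tcp --syn -j DROP
Rates, burst and flood size are constructed sample values.
"""
from collections import deque


def peak_half_open(syn_per_sec, timeout, seconds, limit=None, burst=None):
    """Return the peak number of tracked half-open entries.

    Time advances in 1-second steps. Every accepted SYN creates an entry that
    is never completed and expires `timeout` seconds later. If `limit` is set,
    SYNs pass a token bucket (the limit match): it starts with `burst` tokens
    and regains `limit` tokens per second, capped at `burst`.
    """
    if limit is not None and burst is None:
        burst = 5  # iptables default for --limit-burst
    tokens = burst
    window = deque()  # accepted SYN counts for the last `timeout` seconds
    live = peak = 0
    for t in range(seconds):
        if limit is not None and t > 0:
            tokens = min(burst, tokens + limit)
        accepted = syn_per_sec if limit is None else min(syn_per_sec, tokens)
        if limit is not None:
            tokens -= accepted
        window.append(accepted)
        live += accepted
        if len(window) > timeout:
            live -= window.popleft()  # entries older than `timeout` expire
        peak = max(peak, live)
    return peak


if __name__ == "__main__":
    flood = 1000  # constructed: spoofed SYNs per second
    for label, kw in [
        ("timeout 60s, no limit", dict(timeout=60)),
        ("timeout 5s, no limit", dict(timeout=5)),
        ("timeout 60s, limit 25/s burst 50", dict(timeout=60, limit=25, burst=50)),
    ]:
        print(f"{label:35s} peak entries: {peak_half_open(flood, seconds=300, **kw)}")
```

The limit match keeps one token bucket per rule, so legitimate SYNs draw from the same tokens as the flood.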