I have very recently migrated my production farm to Linux from Solaris and have enabled the SYN cookie protection, hearing that they might actually work someday and save me :) The traffic to my site is around 5K hits/sec and it is almost always a destination for hackers with different kinds of attacks. I am totally new to Linux and after reading some internet articles on SYN cookies I have some questions which I am putting below. My sincere apologies to everyone if this is not the right listserv for the kind of question I am asking, so feel free to kick me out.

My questions are:

1) Why does RedHat not have extensive documentation on this subject? I have tried my level best but couldn't find anything on the RH sites.

2) After enabling the protection, ideally I should not see any TIME_WAIT/CLOSE_WAIT connections in the netstat -na command. According to the limited documentation I could find, this protection does not work unless there is a SYN attack on the site. Is this statement true? How do I know if it's working or not for me without going through an attack?

3) However, after enabling this feature I do see this:

    netstat -s|grep SYN
    137445 invalid SYN cookies received

What does it mean?

Thanks for your time,
Amit Mohan