wlagmay@xxxxxxxxxxxxx wrote:
Hi all, I can see a message on my log files "possible SYN flooding on port 8080. Sending cookies." not on access.log and cache.log, but I've seen this on the message.log. Is this a big problem? how can I prevent this? Thanks, Wennie
You can enable syn-cookies (prevent syn-flood attacks): $ echo "1" >/proc/sys/net/ipv4/tcp_syncookies or reduce number of possible SYN Floods: $ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog you can need a iptables script and see the 'limit' module in iptables. Thanks Emilio C.
