I checked my Squid and I have the exact values you mention for
tcp_syncookies and tcp_max_syn_backlog:

$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog

I will check how I can implement it in iptables, or if you have a link,
can you please forward it to me.

Thanks again,

Wennie

> Quoting Emilio Casbas <ecasbas@xxxxxxx>:
>
> > wlagmay@xxxxxxxxxxxxx wrote:
> > Hi all,
> >
> > I can see a message in my log files, "possible SYN flooding on port 8080.
> > Sending cookies.", not in access.log and cache.log, but I've seen this in
> > the message.log.
> >
> > Is this a big problem? How can I prevent this?
> >
> > Thanks,
> >
> > Wennie
>
> You can enable syn-cookies (prevent syn-flood attacks):
> $ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
>
> or
>
> reduce number of possible SYN Floods:
> $ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
>
> You may need an iptables script; see the 'limit' module in iptables.
>
> Thanks
> Emilio C.
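
The checks discussed in this thread, as an added example that is not part of the original messages: it counts the kernel's SYN-flood warnings per port, reports the two sysctls, and prints iptables 'limit' rules for review. The function names, the sample log lines, and the rate and burst values are assumptions.

```shell
#!/bin/sh
# Added example. Function names, rate and burst values are assumptions.

# Constructed sample syslog lines (old and newer kernel wording).
constructed_log() {
cat <<'EOF'
Mar  3 10:15:01 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Mar  3 10:16:02 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Mar  3 10:17:40 proxy kernel: TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies.
Mar  3 10:18:00 proxy squid[812]: unrelated line
EOF
}

# Count SYN-flood kernel warnings per port; reads files given as arguments, or stdin.
# Output: "<port> <count>", sorted by port.
syn_flood_ports() {
    sed -n 's/.*[Pp]ossible SYN flooding on port \([0-9][0-9]*\).*/\1/p' "$@" |
        sort -n | uniq -c | awk '{print $2, $1}'
}

# Report the two sysctls from the thread; return 1 if syncookies is off or the
# backlog is below min_backlog. The directory is a parameter so copies can be checked.
check_syn_sysctls() {
    root=${1:-/proc/sys/net/ipv4}; min_backlog=${2:-1024}; rc=0
    for name in tcp_syncookies tcp_max_syn_backlog; do
        if [ ! -r "$root/$name" ]; then echo "$name=unreadable"; rc=1; continue; fi
        val=$(cat "$root/$name"); echo "$name=$val"
        case $name in
            tcp_syncookies)      [ "$val" -ge 1 ] 2>/dev/null || rc=1 ;;
            tcp_max_syn_backlog) [ "$val" -ge "$min_backlog" ] 2>/dev/null || rc=1 ;;
        esac
    done
    return $rc
}

# Print (do not apply) rules that rate-limit new connections to a port with the
# iptables 'limit' match. Rate and burst defaults are assumed values to tune.
syn_limit_rules() {
    port=$1; rate=${2:-25/second}; burst=${3:-100}
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    echo "iptables -A INPUT -p tcp --syn --dport $port -m limit --limit $rate --limit-burst $burst -j ACCEPT"
    echo "iptables -A INPUT -p tcp --syn --dport $port -j DROP"
}

constructed_log | syn_flood_ports                        # per-port warning counts
check_syn_sysctls || echo "SYN settings need review"     # live values on this host
syn_limit_rules 8080                                     # rules to review before applying
```

The 'limit' match is a single bucket per rule rather than per source address, so while the rate is exceeded, legitimate new connections to the proxy port are dropped along with the flood.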