Please help me unsubscribe from this list. I have tried asking for help now
5 times.
many thanks
Craig
wlagmay@xxxxxxxxxxxxx wrote:
I check my Squid and I have exact values as you mention on tcp_syncookies
and
tcp_max_syn_backlog
$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
I will check how can I implement it on iptables or if you have link can
please
forward it to me.
Thanks again,
Wennie
it can be useful;
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5
But from here, this is more a iptables question.
Thanks
Emilio C.
Quoting Emilio Casbas <ecasbas@xxxxxxx>:
wlagmay@xxxxxxxxxxxxx wrote:
Hi all,
I can see a message on my log files "possible SYN flooding on port
8080.
Sending cookies." not on access.log and cache.log, but I've seen this on
the
message.log.
Is this a big problem? how can I prevent this?
Thanks,
Wennie
You can enable syn-cookies (prevent syn-flood attacks):
$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
or
reduce number of possible SYN Floods:
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
you can need a iptables script and see the 'limit' module in iptables.
Thanks
Emilio C.
