
Re: SYN flooding


 



Please help me unsubscribe from this list. I have tried asking for help now 5 times.

many thanks

Craig

wlagmay@xxxxxxxxxxxxx wrote:
I checked my Squid and I have the exact values you mention for tcp_syncookies and
tcp_max_syn_backlog:

$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog

I will check how I can implement it in iptables, or if you have a link, can you
please forward it to me.

Thanks again,

Wennie

This can be useful:
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5
But from here, this is more an iptables question.

Thanks
Emilio C.

Quoting Emilio Casbas <ecasbas@xxxxxxx>:

wlagmay@xxxxxxxxxxxxx wrote:

Hi all,

I can see a message on my log files "possible SYN flooding on port 8080.
Sending cookies." not on access.log and cache.log, but I've seen this on the
message.log.

Is this a big problem? How can I prevent this?

Thanks,

Wennie





You can enable syn-cookies (prevent syn-flood attacks):
$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies

or

reduce number of possible SYN Floods:
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog

You may need an iptables script; see the 'limit' module in iptables.

Thanks
Emilio C.
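
An added example, not part of the original thread: a small shell check that counts the kernel's "possible SYN flooding on port N" warnings per port and verifies the two sysctls discussed above. The function names, the sample log lines and the use of 1024 as a minimum backlog are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample lines are constructed.

# Constructed sample of syslog content; matching is case-insensitive
# because the capitalisation of the warning can vary.
SAMPLE_LOG='Mar  3 10:01:12 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Mar  3 10:02:12 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Mar  3 10:05:40 proxy kernel: TCP: Possible SYN flooding on port 3128. Sending cookies.
Mar  3 10:06:00 proxy squid[812]: Starting Squid Cache'

# Read log text on stdin; print "<port> <warning count>" per port, sorted by port.
syn_flood_ports() {
    grep -i -o 'possible SYN flooding on port [0-9][0-9]*' |
        awk '{ n[$NF]++ } END { for (p in n) print p, n[p] }' |
        sort -n
}

# Check the two sysctls from the thread. $1 = directory holding them
# (defaults to the live /proc path). Returns 1 if either looks weak.
check_syn_sysctls() {
    dir=${1:-/proc/sys/net/ipv4}
    rc=0
    cookies=$(cat "$dir/tcp_syncookies" 2>/dev/null) || cookies=missing
    backlog=$(cat "$dir/tcp_max_syn_backlog" 2>/dev/null) || backlog=missing
    case $cookies in
        1|2) echo "tcp_syncookies=$cookies ok" ;;   # 1 = on overflow, 2 = always
        *)   echo "tcp_syncookies=$cookies WARN: SYN cookies not enabled"; rc=1 ;;
    esac
    # 1024 is the value quoted in the thread, used here as the minimum.
    if [ "$backlog" -ge 1024 ] 2>/dev/null; then
        echo "tcp_max_syn_backlog=$backlog ok"
    else
        echo "tcp_max_syn_backlog=$backlog WARN: below 1024"; rc=1
    fi
    return $rc
}

printf '%s\n' "$SAMPLE_LOG" | syn_flood_ports
check_syn_sysctls || true
```

On a live host the log would be piped in instead of the sample, for example from the file where the thread's message was seen.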






