Re: [squid-users] SYN flooding

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Tue, 20 Jun 2006 13:30:06 +0200

wlagmay@yanbulink.net wrote:
> Hi all,
>
> I can see a message on my log files "possible SYN flooding on port 8080.
> Sending cookies." not on access.log and cache.log, but I've seen this on the
> message.log.
>
> Is this a big problem? How can I prevent this?
>
> Thanks,
>
> Wennie
>
You can enable syn-cookies (prevent syn-flood attacks):
$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies

or

reduce the number of possible SYN floods:
$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog

You may need an iptables script; see the 'limit' module in iptables.

Thanks
Emilio C.
Received on Tue Jun 20 2006 - 05:30:10 MDT
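
An added example, not part of the original message: a small shell audit that counts the kernel's "possible SYN flooding" warnings per port and reports the two settings named in the reply. The function names, the `PROC_ROOT` override and the sample log lines (host name `proxy` included) are constructed for illustration.

```shell
#!/bin/sh
# Added example. PROC_ROOT is a hypothetical override so the check can be
# pointed at a copy of the tunables instead of the live /proc tree.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4}"

# Count "possible SYN flooding" kernel warnings per port from log text on stdin.
# Output: one "port count" line per port, sorted by port number.
# [Pp] accepts both the older and the newer capitalisation of the message.
synflood_by_port() {
    sed -n 's/.*[Pp]ossible SYN flooding on port \([0-9][0-9]*\).*/\1/p' |
        sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Report the two settings named in the reply.
# Prints "syncookies=<v> backlog=<v>"; returns 0 only if SYN cookies are on
# (1 = sent when the SYN backlog overflows, 2 = always sent on newer kernels).
syn_settings() {
    cookies=$(cat "$PROC_ROOT/tcp_syncookies" 2>/dev/null || echo unknown)
    backlog=$(cat "$PROC_ROOT/tcp_max_syn_backlog" 2>/dev/null || echo unknown)
    echo "syncookies=$cookies backlog=$backlog"
    [ "$cookies" = 1 ] || [ "$cookies" = 2 ]
}

# Constructed sample log lines (not taken from the poster's system).
sample_log() {
    cat <<'EOF'
Jun 20 10:01:12 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Jun 20 10:02:13 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Jun 20 10:02:40 proxy squid[812]: Squid Parent: child process 814 started
Jun 20 10:05:02 proxy kernel: possible SYN flooding on port 3128. Sending cookies.
EOF
}

# Stand-alone run: summarise the sample, then check this host's settings.
sample_log | synflood_by_port
syn_settings || echo "SYN cookies are not enabled (or the state is unknown)"
```

To run it against a real log, pipe the file into `synflood_by_port` in place of `sample_log`.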
