Re: [squid-users] SYN flooding

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Tue, 20 Jun 2006 14:51:15 +0200

wlagmay@yanbulink.net wrote:
> I checked my Squid and I have the exact values you mentioned for tcp_syncookies and
> tcp_max_syn_backlog:
>
> $ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
> $ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
>
> I will check how I can implement it in iptables, or if you have a link, can you please
> forward it to me.
>
> Thanks again,
>
> Wennie
>
This can be useful:
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5
But from here on, this is more of an iptables question.

Thanks
Emilio C.
>
>> Quoting Emilio Casbas <ecasbas@unav.es>:
>>
>> wlagmay@yanbulink.net wrote:
>>
>>> Hi all,
>>>
>>> I can see a message in my log files, "possible SYN flooding on port 8080.
>>> Sending cookies." It is not in access.log or cache.log, but I've seen it in
>>> the message.log.
>>>
>>> Is this a big problem? How can I prevent this?
>>>
>>> Thanks,
>>>
>>> Wennie
>>>
>> You can enable syn-cookies (prevent syn-flood attacks):
>> $ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
>>
>> or
>>
>> reduce number of possible SYN Floods:
>> $ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
>>
>> You may need an iptables script; see the 'limit' module in iptables.
>>
>> Thanks
>> Emilio C.
>>
Received on Tue Jun 20 2006 - 06:51:18 MDT
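
Added example (not part of the original messages): a shell sketch that audits the two sysctls discussed in this thread and counts the kernel's "possible SYN flooding" warnings per port. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the two sysctls from the thread and counts the kernel's
# SYN-flood warnings per port. Function names and sample data are constructed.

# check_syn_sysctls [DIR] [MIN_BACKLOG]
# DIR defaults to the live /proc/sys/net/ipv4; returns 0 only if SYN cookies
# are enabled and the backlog is at least MIN_BACKLOG (1024, as in the thread).
check_syn_sysctls() {
    dir=${1:-/proc/sys/net/ipv4}; min=${2:-1024}; rc=0
    cookies=$(cat "$dir/tcp_syncookies" 2>/dev/null) || cookies=
    backlog=$(cat "$dir/tcp_max_syn_backlog" 2>/dev/null) || backlog=
    case "$cookies" in
        1|2) echo "tcp_syncookies=$cookies ok" ;;   # 2 = always send cookies
        *)   echo "tcp_syncookies=${cookies:-unreadable} NOT ENABLED"; rc=1 ;;
    esac
    case "$backlog" in
        ''|*[!0-9]*) echo "tcp_max_syn_backlog unreadable"; rc=1 ;;
        *) if [ "$backlog" -ge "$min" ]; then
               echo "tcp_max_syn_backlog=$backlog ok"
           else
               echo "tcp_max_syn_backlog=$backlog below $min"; rc=1
           fi ;;
    esac
    return $rc
}

# syn_flood_ports: reads syslog lines on stdin, prints "PORT COUNT" per port
# for messages in the format quoted in the thread.
syn_flood_ports() {
    sed -n 's/.*[Pp]ossible SYN flooding on port \([0-9][0-9]*\)\. .*/\1/p' |
        sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Constructed sample of /var/log/messages content (not from a real host).
sample_log() {
    cat <<'EOF'
Jun 20 14:02:11 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Jun 20 14:02:40 proxy squid[2211]: Starting Squid Cache
Jun 20 14:03:12 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Jun 20 14:05:55 proxy kernel: possible SYN flooding on port 3128. Sending cookies.
EOF
}

sample_log | syn_flood_ports
```

On a live host, run `check_syn_sysctls` with no arguments and feed the real log to `syn_flood_ports` on stdin. Values written with `echo` under /proc do not survive a reboot.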
