Re: [squid-users] SYN flooding

From: Craig Home <craig_home@dont-contact.us>
Date: Tue, 20 Jun 2006 15:21:48 +0000

Please help me unsubscribe from this list. I have tried asking for help now
5 times.

Many thanks

Craig

>wlagmay@yanbulink.net wrote:
>>I check my Squid and I have exact values as you mention on tcp_syncookies
>>and tcp_max_syn_backlog
>>
>>$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
>>$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
>>
>>I will check how I can implement it on iptables, or if you have a link, can
>>you please forward it to me.
>>
>>Thanks again,
>>
>>Wennie
>>
>This can be useful:
>http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5
>But from here, this is more of an iptables question.
>
>Thanks
>Emilio C.
>>
>>>Quoting Emilio Casbas <ecasbas@unav.es>:
>>>
>>>wlagmay@yanbulink.net wrote:
>>>
>>>>Hi all,
>>>>
>>>>I can see a message on my log files "possible SYN flooding on port
>>>>8080. Sending cookies." not on access.log and cache.log, but I've seen
>>>>this on the message.log.
>>>>
>>>>Is this a big problem? How can I prevent this?
>>>>
>>>>Thanks,
>>>>
>>>>Wennie
>>>>
>>>You can enable syn-cookies (prevent syn-flood attacks):
>>>$ echo "1" >/proc/sys/net/ipv4/tcp_syncookies
>>>
>>>or
>>>
>>>reduce the number of possible SYN floods:
>>>$ echo "1024" >/proc/sys/net/ipv4/tcp_max_syn_backlog
>>>
>>>You may need an iptables script; see the 'limit' module in iptables.
>>>
>>>Thanks
>>>Emilio C.
>>>
Received on Tue Jun 20 2006 - 09:21:52 MDT
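
Added example, not part of the thread: a shell sketch that counts the kernel's "possible SYN flooding" warnings per port in a syslog file and checks the two sysctls quoted above. The function names, the sample log lines and the fake sysctl tree are constructed for illustration; the 1024 threshold is the value from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Count kernel "possible SYN flooding" warnings per port in a syslog file.
# Output: one "<port> <count>" line per port, sorted by port number.
syn_flood_ports() {
    sed -n 's/.*ossible SYN flooding on port \([0-9][0-9]*\).*/\1/p' "$1" |
        sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Check the two sysctls from the thread under a sysctl root (default /proc/sys).
# Prints one finding per line; returns 1 if either setting needs attention.
check_syn_settings() {
    root=${1:-/proc/sys}; min_backlog=${2:-1024}; rc=0
    cookies=$(cat "$root/net/ipv4/tcp_syncookies" 2>/dev/null)
    backlog=$(cat "$root/net/ipv4/tcp_max_syn_backlog" 2>/dev/null)
    case $cookies in
        1|2) echo "OK   tcp_syncookies=$cookies" ;;
        *)   echo "WEAK tcp_syncookies=${cookies:-unreadable}"; rc=1 ;;
    esac
    # A missing or non-numeric value fails the test and is reported as weak.
    if [ "${backlog:-0}" -ge "$min_backlog" ] 2>/dev/null; then
        echo "OK   tcp_max_syn_backlog=$backlog"
    else
        echo "WEAK tcp_max_syn_backlog=${backlog:-unreadable} (< $min_backlog)"; rc=1
    fi
    return $rc
}

# Demo on constructed data: a fake messages log and a fake sysctl tree.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/proc/net/ipv4"
echo 1   > "$demo/proc/net/ipv4/tcp_syncookies"
echo 256 > "$demo/proc/net/ipv4/tcp_max_syn_backlog"
cat > "$demo/messages" <<'EOF'
Jun 20 09:01:12 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Jun 20 09:02:13 proxy kernel: possible SYN flooding on port 8080. Sending cookies.
Jun 20 09:02:40 proxy sshd[411]: Accepted publickey for admin from 192.0.2.10
Jun 20 09:03:14 proxy kernel: possible SYN flooding on port 3128. Sending cookies.
EOF
syn_flood_ports "$demo/messages"
check_syn_settings "$demo/proc" || echo "review SYN settings"
```

On a live host, call `check_syn_settings` with no arguments to read `/proc/sys`, and point `syn_flood_ports` at the system's kernel log file.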