Thank you for your response, Henrik.

I have this in /etc/sysctl.conf:

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536

What would be the good values for these parameters?
Any extra parameters I should add?

Regards,
Khem



On 06/04/2010 11:15 PM, Henrik Nordström wrote:
Fri 2010-06-04 at 11:51 +0700, Khemara Lyn wrote:

"Jun  4 11:11:39 cache kernel: possible SYN flooding on port 3128.
Sending cookies."

You get this message when the SYN backlog queue is filled in the TCP
kernel. This is mainly connections in SYN_RECV state.  It is safe to
tune up the limit considerably from the defaults.

Is the system really under SYN flood attack?

Probably not. More likely some clients not behaving optimally. But if it
is then the SYN cookies help make the attack pretty much without any
noticeable effect.

Regards
Henrik
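
As an added example (not part of the original thread), one way to check the point above about SYN_RECV connections filling the backlog: count half-open sockets on the Squid port against net.ipv4.tcp_max_syn_backlog and list which clients hold them. The function names, the 80% threshold and the sample `netstat -tan` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All functions read `netstat -tan`
# style text on stdin, so they can be run on live or saved output.

# syn_recv_count PORT: number of SYN_RECV sockets on local port PORT
syn_recv_count() {
    awk -v port="$1" '
        $NF == "SYN_RECV" {
            n = split($4, a, ":")          # field 4 is the local address
            if (a[n] == port) c++          # last ":"-part is the port
        }
        END { print c + 0 }'
}

# top_sources PORT: "COUNT ADDRESS" per client holding half-open sockets,
# busiest first. A few addresses with high counts points at misbehaving
# clients rather than a flood.
top_sources() {
    awk -v port="$1" '
        $NF == "SYN_RECV" {
            n = split($4, a, ":")
            if (a[n] != port) next
            src = $5; sub(/:[^:]*$/, "", src)   # drop the remote port
            seen[src]++
        }
        END { for (s in seen) print seen[s], s }' | sort -k1,1nr -k2,2
}

# assess PORT LIMIT: prints "PORT COUNT PERCENT STATUS"
# LIMIT is the value of net.ipv4.tcp_max_syn_backlog.
assess() {
    count=$(syn_recv_count "$1")
    pct=$(( count * 100 / $2 ))
    # 80% is an assumed warning threshold, not a value from the thread
    if [ "$pct" -ge 80 ]; then status=NEAR_LIMIT; else status=OK; fi
    echo "$1 $count $pct $status"
}

# Constructed sample input (documentation addresses, not real traffic)
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.0.0.5:3128 192.0.2.10:40001 SYN_RECV
tcp 0 0 10.0.0.5:3128 192.0.2.10:40002 SYN_RECV
tcp 0 0 10.0.0.5:3128 192.0.2.77:51515 SYN_RECV
tcp 0 0 10.0.0.5:3128 192.0.2.20:33000 ESTABLISHED
tcp 0 0 10.0.0.5:22 192.0.2.30:50022 SYN_RECV
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN'

# 2048 is the tcp_max_syn_backlog value from the sysctl.conf quoted above
printf '%s\n' "$SAMPLE" | assess 3128 2048
```

On a live host the same check is `netstat -tan | assess 3128 "$(cat /proc/sys/net/ipv4/tcp_max_syn_backlog)"`.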
