Date: Wed, 20 Sep 2006 01:21:51 -0400 From: "Darrell D. Mobley" <dmobley (at mark) uhostme.net> Subject: [coba-e:07104] Re: SYN Floods To: <coba-e (at mark) bluequartz.org> Message-Id: <00ca01c6dc74$ae5a0510$6400a8c0@YOUR4105E587B6> In-Reply-To: <1486c6440609192113r2fd4a031g442eae3e946c2b77 (at mark) mail.gmail.com> X-Mail-Count: 07104Adam, I saw that on Google wile digging around tonight. I invoked it and two others: echo 1 > /proc/sys/net/ipv4/tcp_syncookies sysctl -w net.ipv4.tcp_max_syn_backlog="2048" sysctl -w net.ipv4.tcp_synack_retries="3" Stuck these in the end of /etc/rc.d/rc.local as well. Thanks! _____ From: Adam Crews [mailto:adam.crews (at mark) gmail.com] Sent: Wednesday, September 20, 2006 12:13 AM To: coba-e (at mark) bluequartz.org Subject: [coba-e:07103] Re: SYN Floods My system has it available, but disabled by default. Simply try a 'echo 1 > /proc/sys/net/ipv4/tcp_syncookies' and you should be all set. -Adam On 9/19/06, Darrell D. Mobley <dmobley (at mark) uhostme.net> wrote: I have blocked three SYN_FLOOD attacks tonight alone. Haven't had the server overloaded yet, but it could be a long night. _____ From: Darrell D. Mobley [mailto:dmobley (at mark) uhostme.net] Sent: Tuesday, September 19, 2006 10:29 PM To: coba-e (at mark) bluequartz.org Subject: [coba-e:07101] SYN Floods I have come to the conclusion when I get the random message that the web server is not responding that the server is experiencing a SYN flood. I have sshdfilter and portsentry running, and I imagine that when a script-kiddie gets blocked, he gets pissed and unleashes a SYN flood. Does BlueQuartz have capabilities for tcp_syncookies built into the kernel? -- ----------------------------------------------------------------- Shroom.net Donation Based Web Hosting http://www.shroom.net/ -----------------------------------------------------------------7104_2.html (attatchment)(tag is disabled)