Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Example Analysis of defending against SYN attacks in linux

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly introduces the example analysis of defense against SYN attacks in linux, which has a certain reference value. Interested friends can refer to it. I hope you will gain a lot after reading this article.

1. Default syn configuration sysctl-a | grep _ synnet.ipv4.tcp_max_syn_backlog = 1024net.ipv4.tcp_syncookies = 1net.ipv4.tcp_synack_retries = 5net.ipv4.tcp_syn_retries = 5

Tcp_max_syn_backlog is the length of the SYN queue, and increasing the length of the SYN queue can accommodate more network connections waiting to be connected. Tcp_syncookies is a switch, whether to turn on the SYN Cookie function, this function can prevent some SYN attacks. Tcp_synack_retries and tcp_syn_retries define the number of retry connections for SYN and reduce the default parameters to control the number of SYN connections as little as possible.

Second, modify the syn configuration ulimit-HSn 65535sysctl-w net.ipv4.tcp_max_syn_backlog=2048sysctl-w net.ipv4.tcp_syncookies=1sysctl-w net.ipv4.tcp_synack_retries=2sysctl-w net.ipv4.tcp_syn_retries= 23, add firewall rules # Syn flood attack (--limit 1 tcp- limit the number of syn concurrency once per second) iptables-An INPUT-p tcp--syn-m limit-limit 1 tcp- iptables-A FORWARD-p tcp--tcp-flags SYN,ACK FIN,RST RST-m limit-- limit 1gram s-j ACCEPT# flood prevention pingiptables-A FORWARD-p icmp--icmp-type echo-request-m limit-- limit 1ram s-j ACCEPT IV, add boot up

Finally, don't forget to write the commands in two, three and three to / etc/rc.d/rc.local.

Thank you for reading this article carefully. I hope the article "sample Analysis of defending against SYN attacks in linux" shared by the editor will be helpful to you. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Attacks articles examples analysis defense functions more times length queues configurations values interests parameters simultaneously commands friends floods knowledge ports vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Redmi macOS Huawei Shulou Tech Info NVidia Microsoft OPPO Reno Apple vpn MySQL MariaDB Shulou Technology Docker Linux Xiaomi Shulou Information Redmi macOS Huawei Shulou Tech Info NVidia Microsoft OPPO Reno Apple vpn MySQL MariaDB Shulou Technology Docker Linux Xiaomi Shulou Information

Share To

Related

Servers

More Servers >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report