Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How does Linux defend against SYN attacks

2025-02-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to defend against SYN attacks by Linux". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to defend against SYN attacks by Linux.

1. Default syn configuration sysctl-a | grep _ syn net.ipv4.tcp_max_syn_backlog = 1024 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_synack_retries = 5 net.ipv4.tcp_syn_retries = 5tcp_max_syn_backlog is the length of the SYN queue. Increasing the length of the SYN queue can accommodate more network connections waiting for connections. Tcp_syncookies is a switch, whether to turn on the SYN Cookie function, this function can prevent some SYN attacks. Tcp_synack_retries and tcp_syn_retries define the number of retry connections for SYN and reduce the default parameters to control the number of SYN connections as little as possible.

Second, modify the syn configuration ulimit-HSn 65535 sysctl-w net.ipv4.tcp_max_syn_backlog=2048 sysctl-w net.ipv4.tcp_syncookies=1 sysctl-w net.ipv4.tcp_synack_retries=2 sysctl-w net.ipv4.tcp_syn_retries= 2, Add firewall rule # Syn flood attack (--limit 1 FORWARD s limit syn concurrency once per second) iptables-An INPUT-p tcp--syn-m limit-limit 1 ACCEPT # Anti-port scanning iptables-A FORWARD-p tcp--tcp-flags SYN ACK,FIN,RST RST-m limit-- limit 1Universe s-j ACCEPT # Flood prevention ping iptables-A FORWARD-p icmp--icmp-type echo-request-m limit-- limit 1Universe s-j ACCEPT 4, add boot boot and finally don't forget to write the commands in second, third and third parts to / etc/rc.d/rc.local

At this point, I believe you have a deeper understanding of "Linux how to defend against SYN attacks". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Attack defense content function more times length queue learning configuration practical deeper interest parameter command practical practical simple operation method friend vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB Apple vpn OPPO Reno Xiaomi Docker Linux NVidia Shulou Information Redmi Huawei Shulou Technology Microsoft macOS Shulou Tech Info MySQL MariaDB Apple vpn OPPO Reno Xiaomi Docker Linux NVidia Shulou Information Redmi Huawei Shulou Technology Microsoft macOS Shulou Tech Info MySQL

Share To

Related

Development

More Development >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report