2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shares how to protect a Linux system against TCP flood attacks. Most people are not very familiar with the topic, so it is offered here for reference; I hope you learn a lot from it.
# The most critical parameter. The default is 5; changing it to 0 means do not resend
net.ipv4.tcp_synack_retries = 0
# Half-open connection queue length
net.ipv4.tcp_max_syn_backlog = 20000
# Maximum number of file handles allowed by the system; each connection occupies a file handle
fs.file-max = 81920
# Used to handle bursts of many concurrent connect requests
net.core.somaxconn = 6553
# Maximum TCP data receive buffer (bytes)
net.core.rmem_max = 102412300
# Maximum TCP data send buffer (bytes)
net.core.wmem_max = 167772
# Maximum number of packets allowed to queue when a network device receives packets faster than the kernel processes them
net.core.netdev_max_backlog = 16553
# Port allocation range when the local machine actively connects to other machines
net.ipv4.ip_local_port_range = 10000 65535
# Others omitted.
Note: do not enable the following parameters on hosts facing the public network, because their side effects are obvious (search for the specific reasons). If any of them is already enabled, explicitly change it to 0 and then run sysctl -p to turn it off. Experiments showed that a large number of TIME_WAIT connections has little impact on the system:
# Send syncookies to the peer when the half-open connection queue overflows; not necessary after enlarging the half-open connection queue
net.ipv4.tcp_syncookies = 0
# Connection reuse for TIME_WAIT state
net.ipv4.tcp_tw_reuse = 0
# Timestamp option, used together with the net.ipv4.tcp_tw_reuse parameter above
net.ipv4.tcp_timestamps = 0
# Connection recycling for TIME_WAIT state
net.ipv4.tcp_tw_recycle = 0
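The check below is an added example, not code from the original article: it parses sysctl.conf-style text, or reads the running values under /proc/sys, and reports whether tcp_synack_retries and the four parameters above are explicitly 0 as the article asks. The function names and the sample file are constructed for illustration.

```python
import os
# Keys the article sets to 0 (its recommendation, not the kernel defaults).
EXPECTED = dict.fromkeys((
    "net.ipv4.tcp_synack_retries", "net.ipv4.tcp_syncookies",
    "net.ipv4.tcp_tw_reuse", "net.ipv4.tcp_timestamps",
    "net.ipv4.tcp_tw_recycle"), "0")

def parse_sysctl_conf(text):
    """Parse sysctl.conf text; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not an assignment
        key, value = line.split("=", 1)
        key = key.strip().lstrip("-").replace("/", ".")  # "-key" and "a/b/c" forms
        settings[key] = " ".join(value.split())
    return settings

def read_live(keys, root="/proc/sys"):
    """Read running values; None if the key is absent (tcp_tw_recycle was removed in Linux 4.12)."""
    live = {}
    for key in keys:
        try:
            with open(os.path.join(root, *key.split("."))) as fh:
                live[key] = " ".join(fh.read().split())
        except OSError:
            live[key] = None
    return live

def audit(settings, expected=EXPECTED):
    """Return {key: 'ok' | 'unset' | 'differs: <value>'} for each expected key."""
    report = {}
    for key, want in expected.items():
        have = settings.get(key)
        report[key] = "unset" if have is None else "ok" if have == want else f"differs: {have}"
    return report

# Constructed sample file, not taken from a real host.
SAMPLE_CONF = """\
net.ipv4.tcp_synack_retries = 0
net.ipv4.tcp_syncookies=1
net/ipv4/tcp_tw_reuse = 1
;net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 0
"""
if __name__ == "__main__":
    print("file:", audit(parse_sysctl_conf(SAMPLE_CONF)))
    print("live:", audit(read_live(EXPECTED)))
```

A key reported as "unset" in the file audit is one the file never states explicitly; in the live audit it means the running kernel has no such key.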
To handle a large number of connections, you need to increase another parameter:
# vi /etc/security/limits.conf
Add the following line to allow each user to open up to 409600 file handles (including connections):
* - nofile 409600
The above is the entire content of "Methods of preventing TCP flood attacks in Linux systems". Thank you for reading! I hope it helps.