Search the Community
Showing results for tags 'syn flood'.
Found 1 result
-
O sa incep acest tutorial cu o nota: Nu exista protectie DoS/DDoS absoluta. Toate sistemele de protectie impotriva atacurilor de acest gen nu fac decat sa inlature efectele negative si sa permita serviciilor sa fie accesibile pana la un anumit nivel. Mai jos va prezint un script util pentru minimizarea efectelor atacurilor SYN FLOOD. Aveti in vedere sa mariti “la nesimtire” urmatorii parametrii sysctl. - net.ipv4.tcp_max_syn_backlog - net.core.somaxconn - net.ipv4.tcp_max_tw_buckets #!/bin/sh active() { echo "---------------------------------------------" echo "Enabling syn flood protection ...." sysctl -w net.ipv4.tcp_syn_retries=3 sysctl -w net.ipv4.tcp_synack_retries=3 sysctl -w net.ipv4.tcp_keepalive_intvl=30 sysctl -w net.ipv4.tcp_keepalive_probes=5 sysctl -w net.ipv4.tcp_keepalive_time=1200 sysctl -w net.ipv4.tcp_wmem="8192 32536 16777216" sysctl -w net.ipv4.tcp_rmem="8192 16536 16777216" echo "---------------------------------------------" return 0 } aggresive() { echo "---------------------------------------------" echo "Enabling aggresive syn flood protection ...." sysctl -w net.ipv4.tcp_syn_retries=1 sysctl -w net.ipv4.tcp_synack_retries=1 sysctl -w net.ipv4.tcp_keepalive_intvl=5 sysctl -w net.ipv4.tcp_keepalive_probes=1 sysctl -w net.ipv4.tcp_keepalive_time=10 sysctl -w net.ipv4.tcp_wmem="3192 6536 16000" sysctl -w net.ipv4.tcp_rmem="3192 6536 16000" echo "---------------------------------------------" return 0 } default() { echo "---------------------------------------------" echo "Disabling syn flood protection ...." sysctl -w net.ipv4.tcp_syn_retries=5 sysctl -w net.ipv4.tcp_synack_retries=5 sysctl -w net.ipv4.tcp_keepalive_intvl=75 sysctl -w net.ipv4.tcp_keepalive_probes=9 sysctl -w net.ipv4.tcp_keepalive_time=7200 sysctl -w net.ipv4.tcp_wmem="16192 65536 16777216" sysctl -w net.ipv4.tcp_rmem="16192 65536 16777216" echo "---------------------------------------------" return 0 } case "$1" in start) active ;; stop) default ;; aggresive) aggresive ;; *) echo "Folosire: $0 {start|stop|aggresive}" exit 1 esac exit 0
