This blog is intended to collect information on my various interests and pen my opinion on the information gathered. It is not intended to educate anyone on the information posted, but readers are most welcome to share their views on it.
Tuesday, July 12, 2011
Preventing SYN attacks on a Linux system
A web hosting service provider may come under attack from hackers during operation; common attack methods are SYN, DDoS, etc. Changing the IP address of the attacked site may avoid the attack, but the service is then interrupted for a long time. A more thorough solution is to install a hardware firewall. However, hardware firewalls are expensive. An alternative is to use the firewall that the Linux system itself provides to defend against the attack.
A SYN attack exploits the three-way handshake of the TCP/IP protocol: the attacker sends a large number of connection-request packets but never actually establishes the connections, so the attacked server's network queue eventually fills up and normal users cannot be served.
The Linux kernel provides a number of SYN-related settings. Use this command to see them: sysctl -a | grep syn
tcp_max_syn_backlog is the length of the SYN queue. tcp_syncookies is a switch; turning on the SYN cookie feature can prevent some SYN attacks. tcp_synack_retries and tcp_syn_retries define the number of SYN retries. Increasing the SYN queue length accommodates more connections waiting to be established, enabling the SYN cookie feature can prevent some SYN attacks, and reducing the number of retries also has some effect.
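The following script is an added example, not part of the original post: it audits the output of sysctl -a | grep syn against the three server-side adjustments described above and prints the sysctl -w command for each setting that falls short. The function names, the sample values and the two thresholds (2048 and 3) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the SYN-related sysctls discussed in the post.
# Thresholds are illustrative assumptions, not values from the post.
MIN_BACKLOG=${MIN_BACKLOG:-2048}
MAX_SYNACK_RETRIES=${MAX_SYNACK_RETRIES:-3}

# Constructed sample in "sysctl -a | grep syn" format (not real host output).
sample_sysctl() {
    cat <<'EOF'
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syncookies = 0
EOF
}

# Reads "key = value" lines on stdin and prints one "FIX <command>" line
# for each setting that is weaker than the thresholds above.
# tcp_syn_retries applies to outbound connection attempts, so it is parsed
# but not audited here.
audit_syn_settings() {
    awk -F= -v min_backlog="$MIN_BACKLOG" -v max_retries="$MAX_SYNACK_RETRIES" '
        {
            gsub(/[ \t]/, "", $1)          # strip padding around the key
            sub(/^net\.ipv4\./, "", $1)    # keep only the short name
            val[$1] = $2 + 0               # numeric value of the setting
        }
        END {
            if (("tcp_syncookies" in val) && val["tcp_syncookies"] == 0)
                print "FIX sysctl -w net.ipv4.tcp_syncookies=1"
            if (("tcp_max_syn_backlog" in val) && val["tcp_max_syn_backlog"] < min_backlog)
                print "FIX sysctl -w net.ipv4.tcp_max_syn_backlog=" min_backlog
            if (("tcp_synack_retries" in val) && val["tcp_synack_retries"] > max_retries)
                print "FIX sysctl -w net.ipv4.tcp_synack_retries=" max_retries
        }'
}

# Demo on the constructed sample; on a live host use:
#   sysctl -a 2>/dev/null | grep syn | audit_syn_settings
sample_sysctl | audit_syn_settings
```

Settings changed with sysctl -w last until reboot; to keep them, add the same key = value lines to /etc/sysctl.conf.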