Re: [squid-users] possible SYN flooding on port 3128. Sending cookies

From: Khemara Lyn <lin.kh_at_wicam.com.kh>
Date: Sat, 05 Jun 2010 07:31:15 +0700

Thank you for your response, Henrik.

I have this in /etc/sysctl.conf:

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536

What would be good values for these parameters?
Any extra parameters I should add?

Regards,
Khem

On 06/04/2010 11:15 PM, Henrik Nordström wrote:
> Fri 2010-06-04 at 11:51 +0700, Khemara Lyn wrote:
>
>
>> "Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128.
>> Sending cookies."
>>
> You get this message when the SYN backlog queue is filled in the TCP
> kernel. This is mainly connections in SYN_RECV state. It is safe to
> tune up the limit considerably from the defaults.
>
>
>> Is the system really under SYN flood attack?
>>
> Probably not. More likely some clients not behaving optimally. But if it
> is then the SYN cookies help make the attack pretty much without any
> noticeable effect.
>
> Regards
> Henrik
>
>
>
Received on Sat Jun 05 2010 - 00:31:33 MDT
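
Added example, not part of the original thread: one way to check the reply's point that the message comes from connections in SYN_RECV state is to count them per remote address for port 3128 and compare the total with tcp_max_syn_backlog. The function names and the sample table are constructed for illustration; the parser covers IPv4 (/proc/net/tcp) and assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # state code for SYN_RECV in the "st" column of /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0C38 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:0C38 0B00000A:C001 03 00000000:00000000 01:00000064 00000002     0        0 0 0
   2: 0A00000A:0C38 0B00000A:C002 03 00000000:00000000 01:00000064 00000001     0        0 0 0
   3: 0A00000A:0C38 0C00000A:D431 03 00000000:00000000 01:00000064 00000000     0        0 0 0
   4: 0A00000A:0C38 0D00000A:E000 01 00000000:00000000 00:00000000 00000000    23        0 1002 1
   5: 0A00000A:0016 0B00000A:C100 03 00000000:00000000 01:00000064 00000000     0        0 0 0
"""


def decode(addr):
    """Turn 'HEXIP:HEXPORT' into (dotted IPv4, port); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def syn_recv_sources(proc_net_tcp, port=3128):
    """Count half-open (SYN_RECV) connections to `port`, keyed by remote IP."""
    sources = Counter()
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue  # header line, or a socket in another state
        _, local_port = decode(fields[1])
        if local_port == port:
            sources[decode(fields[2])[0]] += 1
    return sources


def report(proc_net_tcp, port=3128, max_syn_backlog=2048):
    """Summarise the half-open count against tcp_max_syn_backlog (rough gauge only)."""
    sources = syn_recv_sources(proc_net_tcp, port)
    total = sum(sources.values())
    return {
        "syn_recv": total,
        "distinct_sources": len(sources),
        "top_sources": sources.most_common(3),
        "fill_ratio": total / max_syn_backlog,
    }


if __name__ == "__main__":
    # On the proxy itself, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(report(SAMPLE))
```

A handful of known client addresses each holding a few SYN_RECV entries fits the "clients not behaving optimally" reading; a count near the backlog limit is the condition under which the kernel logs the message.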
