Differences
This shows you the differences between two versions of the page.
Next revision Both sides next revision | |||
litespeed_wiki:mitigating_syn_floods [2013/07/01 21:36] 127.0.0.1 external edit |
litespeed_wiki:mitigating_syn_floods [2014/06/24 18:25] Michael Armstrong |
||
---|---|---|---|
Line 5: | Line 5: | ||
==== 1. Turn on syncookies ==== | ==== 1. Turn on syncookies ==== | ||
- | In ''/etc/sysctrl.conf'' add | + | In ''/etc/sysctl.conf'' add |
<code>net.ipv4.tcp_syncookies = 1</code> | <code>net.ipv4.tcp_syncookies = 1</code> | ||
Line 13: | Line 13: | ||
==== 2. Set your backlog limit ==== | ==== 2. Set your backlog limit ==== | ||
- | In ''/etc/sysctrl.conf'' add | + | In ''/etc/sysctl.conf'' add |
<code>net.ipv4.tcp_max_syn_backlog = 2048</code> | <code>net.ipv4.tcp_max_syn_backlog = 2048</code> | ||
Line 21: | Line 21: | ||
==== 3. Lower the number of SYN-ACK retries ==== | ==== 3. Lower the number of SYN-ACK retries ==== | ||
- | In ''/etc/sysctrl.conf'' add | + | In ''/etc/sysctl.conf'' add |
<code>net.ipv4.tcp_synack_retries = 3</code> | <code>net.ipv4.tcp_synack_retries = 3</code> | ||
Line 35: | Line 35: | ||
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries</code> | echo 3 > /proc/sys/net/ipv4/tcp_synack_retries</code> | ||
- | Doing only the above echo commands without altering ''/etc/sysctrl.conf'' will mean that the changes will be lost next time you reboot. | + | Doing only the above echo commands without altering ''/etc/sysctl.conf'' will mean that the changes will be lost next time you reboot. |