Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
litespeed_wiki:mitigating_syn_floods [2013/07/01 21:36] 127.0.0.1 external edit |
litespeed_wiki:mitigating_syn_floods [2015/07/29 15:35] Michael Alegre removed |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| ==== 1. Turn on syncookies ==== | ==== 1. Turn on syncookies ==== | ||
| - | In ''/etc/sysctrl.conf'' add | + | In ''/etc/sysctl.conf'' add |
| <code>net.ipv4.tcp_syncookies = 1</code> | <code>net.ipv4.tcp_syncookies = 1</code> | ||
| Line 13: | Line 13: | ||
| ==== 2. Set your backlog limit ==== | ==== 2. Set your backlog limit ==== | ||
| - | In ''/etc/sysctrl.conf'' add | + | In ''/etc/sysctl.conf'' add |
| <code>net.ipv4.tcp_max_syn_backlog = 2048</code> | <code>net.ipv4.tcp_max_syn_backlog = 2048</code> | ||
| Line 21: | Line 21: | ||
| ==== 3. Lower the number of SYN-ACK retries ==== | ==== 3. Lower the number of SYN-ACK retries ==== | ||
| - | In ''/etc/sysctrl.conf'' add | + | In ''/etc/sysctl.conf'' add |
| <code>net.ipv4.tcp_synack_retries = 3</code> | <code>net.ipv4.tcp_synack_retries = 3</code> | ||
| Line 35: | Line 35: | ||
| echo 3 > /proc/sys/net/ipv4/tcp_synack_retries</code> | echo 3 > /proc/sys/net/ipv4/tcp_synack_retries</code> | ||
| - | Doing only the above echo commands without altering ''/etc/sysctrl.conf'' will mean that the changes will be lost next time you reboot. | + | Doing only the above echo commands without altering ''/etc/sysctl.conf'' will mean that the changes will be lost next time you reboot. |