How to Prevent it in linux
Add these lines to the end of /etc/rc.d/rc.local
######## shut some DoS stuff down
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 64000 > /proc/sys/fs/file-max
ulimit -n 64000
# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
# stop source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route
do
echo 0 > $i
done
# enable reverse-path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo 1 > $i
done
##### End
No comments:
Post a Comment