trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: Modification TCP stack
Date Wed, 15 May 2013 14:22:19 GMT


Am 15.05.2013 16:16, schrieb Ian Kinch:
> So, you said that it is impossible, right?

no, i said it makes no sense

the kernel itself has the capabilities for syncookies
and there is zero reason to bother the application
layer with this, that is the same as ratecontrols
belong in the iptables-layer and not in the attacked
application

* put "net.ipv4.tcp_syncookies = 1" in your sysctl.conf
* type "sysctl -p"

> On Wed, May 15, 2013 at 9:15 PM, Reindl Harald <h.reindl@thelounge.net <mailto:h.reindl@thelounge.net>>
wrote:
> 
> 
>     Am 15.05.2013 15:46, schrieb Ian Kinch:
>     > i want to make a little modification in TCP stack. Instead reply SYN+ACK, apache
will send SYNCOOKIE.
>     > i am trying to built a anti-DDoS that mimic a flash crowd.
>     > Sorry, if my question is little bit confusing, my english is not that good
> 
>     this does not belong in the daemon itself!
> 
>     [root@srv-rhsoft:~]$ sysctl net.ipv4.tcp_syncookies
>     net.ipv4.tcp_syncookies = 1


Mime
View raw message