trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Kinch <ian.kinc...@gmail.com>
Subject Re: Modification TCP stack
Date Wed, 15 May 2013 14:37:06 GMT
Oh i see, thank you for your explanation.


On Wed, May 15, 2013 at 9:22 PM, Reindl Harald <h.reindl@thelounge.net>wrote:

>
>
> Am 15.05.2013 16:16, schrieb Ian Kinch:
> > So, you said that it is impossible, right?
>
> no, i said it makes no sense
>
> the kernel itself has the capabilities for syncookies
> and there is zero reason to bother the application
> layer with this, that is the same as ratecontrols
> belong in the iptables-layer and not in the attacked
> application
>
> * put "net.ipv4.tcp_syncookies = 1" in your sysctl.conf
> * type "sysctl -p"
>
> > On Wed, May 15, 2013 at 9:15 PM, Reindl Harald <h.reindl@thelounge.net<mailto:
> h.reindl@thelounge.net>> wrote:
> >
> >
> >     Am 15.05.2013 15:46, schrieb Ian Kinch:
> >     > i want to make a little modification in TCP stack. Instead reply
> SYN+ACK, apache will send SYNCOOKIE.
> >     > i am trying to built a anti-DDoS that mimic a flash crowd.
> >     > Sorry, if my question is little bit confusing, my english is not
> that good
> >
> >     this does not belong in the daemon itself!
> >
> >     [root@srv-rhsoft:~]$ sysctl net.ipv4.tcp_syncookies
> >     net.ipv4.tcp_syncookies = 1
>
>


-- 
==============
*Regrads, *
*Ian Febrian Reza M Yulianto*

Mime
View raw message