Oh I see, thank you for your explanation.


On Wed, May 15, 2013 at 9:22 PM, Reindl Harald <h.reindl@thelounge.net> wrote:


On 15.05.2013 16:16, Ian Kinch wrote:
> So, you said that it is impossible, right?

no, I said it makes no sense

the kernel itself has the capabilities for syncookies
and there is zero reason to bother the application
layer with this, that is the same as rate controls
belonging in the iptables layer and not in the attacked
application

* put "net.ipv4.tcp_syncookies = 1" in your sysctl.conf
* type "sysctl -p"

> On Wed, May 15, 2013 at 9:15 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
>
>     On 15.05.2013 15:46, Ian Kinch wrote:
>     > I want to make a little modification in the TCP stack. Instead of replying with SYN+ACK, Apache will send a SYNCOOKIE.
>     > I am trying to build an anti-DDoS that mimics a flash crowd.
>     > Sorry if my question is a little bit confusing, my English is not that good
>
>     this does not belong in the daemon itself!
>
>     [root@srv-rhsoft:~]$ sysctl net.ipv4.tcp_syncookies
>     net.ipv4.tcp_syncookies = 1




--
==============
Regards,
Ian Febrian Reza M Yulianto
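
A way to check the two steps from the reply above (the sysctl.conf entry and the kernel actually issuing cookies), as an added example that is not part of the original thread. The function names and the sample file contents are assumptions made for illustration; the counter names are the TcpExt fields the kernel exposes in /proc/net/netstat.

```shell
#!/bin/sh
# Added example; the sample file contents below are constructed.

# Value "sysctl -p" would apply for net.ipv4.tcp_syncookies from a sysctl.conf-style
# file: comment lines (# or ;) are skipped, the last assignment wins, and the
# slash form of the key is accepted. Prints "unset" when no line sets it.
effective_syncookies() {
    awk '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^-/, "", key); gsub(/\//, ".", key)
            if (key == "net.ipv4.tcp_syncookies") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Prints "sent recv failed" from /proc/net/netstat-format text, where TcpExt is a
# header line of counter names followed by a line of values in the same order.
syncookie_counters() {
    awk '
        $1 == "TcpExt:" && !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        $1 == "TcpExt:" { print $col["SyncookiesSent"], $col["SyncookiesRecv"], $col["SyncookiesFailed"] }
    ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample: an early "0" overridden further down
net.ipv4.tcp_syncookies = 0
; distro default above, local override below
net/ipv4/tcp_syncookies=1
EOF
cat > "$tmp/netstat" <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 1520 37 1483 4
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
echo "configured value: $(effective_syncookies "$tmp/sysctl.conf")"
echo "cookies sent/recv/failed: $(syncookie_counters "$tmp/netstat")"
```

On a real host, point the functions at /etc/sysctl.conf and /proc/net/netstat and compare the first result with the output of "sysctl net.ipv4.tcp_syncookies"; a nonzero SyncookiesSent shows the kernel has fallen back to cookies under SYN-queue pressure.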