-Denial of Service Attacks - are malicious attacks on a system by a remote host which sends numerous connection requests in rapid succession, thereby overwhelming the resources of the destination and effectively 'denying' its services to other legitimate users or hosts.
-SYN flag - a special TCP packet sent by the source host to the dest host when starting a TCP connection.
-SYNACK - the acknowledgement of the SYN flag from dest to source.
-after the source receives the SYNACK, it sends an ACK to the SYNACK (to dest). This completes the handshaking.
-until this time, a table of SYN and SYNack is maintained on the dest.
-SYN flood - a situation in which the source sends numerous SYN flags but never sends the ACK to the SYNACK; so the SYNs just pile up in the table on the dest and bring it down.
-SYN cookie - a Linux mechanism to prevent SYN flood by tracking the rate of SYN. If the rate is high, it gets rid of the SYN.
-to activate SYN cookie:
# sysctl net.ipv4.tcp_syncookies [shows]
# sysctl -w net.ipv4.tcp_syncookies=1 [sets]
-to make it persistent across reboots, edit /etc/sysctl.conf
-to set the max number of simultaneous open files:
# cat /proc/sys/fs/file-max [shows]
# sysctl -w fs.file-max=value
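-to watch the table of pending handshakes described in the SYN flood note above, count the entries still waiting for the final ACK. This is an added example, not part of the original notes; the function names, the sample data and the threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count half-open connections per local port from a
# /proc/net/tcp-format file. Column 4 ("st") is the socket state in hex;
# 03 is SYN_RECV, i.e. SYN received, SYNACK sent, final ACK not yet seen.

# count_half_open FILE -> "port count" lines, busiest port first
count_half_open() {
    awk 'NR > 1 && $4 == "03" {
             split($2, a, ":")      # local_address is HEXIP:HEXPORT
             n[a[2]]++
         }
         END { for (p in n) print p, n[p] }' "$1" |
    while read -r hexport count; do
        printf '%d %d\n' "0x$hexport" "$count"
    done | sort -k2,2nr -k1,1n
}

# flood_suspected FILE THRESHOLD -> status 0 if any port has >= THRESHOLD
# half-open entries (the threshold is an assumption; tune it per host)
flood_suspected() {
    top=$(count_half_open "$1" | head -n 1 | cut -d' ' -f2)
    [ "${top:-0}" -ge "$2" ]
}

# write_sample -> path of a constructed sample, trimmed to the first
# four columns, which is all the functions above read
write_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A00020F:0050 C6336401:C350 03
   2: 0A00020F:0050 C6336402:C351 03
   3: 0A00020F:0050 C6336403:C352 03
   4: 0A00020F:0016 CB007105:D431 03
   5: 0A00020F:0050 CB007109:E0F2 01
EOF
    echo "$f"
}

sample=$(write_sample)
count_half_open "$sample"
if flood_suspected "$sample" 3; then echo "possible SYN flood"; fi
rm -f "$sample"
```

On a live Linux host, pass /proc/net/tcp itself as FILE.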