|
当
Linux内核检测到SYN Flooding时,它会记录如下消息:
端口80上可能发生SYN泛洪.发送cookie
有谁知道内核用来检测这个的确切方法?
解决方法
如果我正确读取sysctl / tcp内容,当未确认的syn请求数超过net.ipv4.tcp_max_syn_backlog的值时,它会跳闸.特别:
The tcp_max_syn_backlog variable tells
your box how many SYN requests to keep
in memory that we have yet to get the
third packet in a 3-way handshake
from. The tcp_max_syn_backlog variable
is overridden by the tcp_syncookies
variable,which needs to be turned on
for this variable to have any effect.
If the server suffers from overloads
at peak times,you may want to
increase this value a little bit.
我认为这很简单的原因是来自tcp_syncookies的文本:
The tcp_syncookies variable is used to
send out so called syncookies to hosts
when the kernels syn backlog queue for
a specific socket is overflowed. This
means that if our host is flooded with
several SYN packets from different
hosts,the syn backlog queue may
overflow,and hence this function
starts sending out cookies to see if
the SYN packets are really legit.
对我而言,它听起来真的像是具有>的syn队列一样简单. tcp_max_syn_backlog未完成的连接.
(编辑:瑞安网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
