Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
RE: [suse-security] is it possible to disable SYN flooding protec tion for port 80?
  • From: GertJan Spoelman <rs2000@xxxxxxxxx>
  • Date: Sun, 20 Jan 2002 17:26:07 +0100
  • Message-id: <E19FF7E9ED1BD5118B050060B03C8ABA1585@xxxxxxxxxxxxxxxxxx>
> -----Original Message-----
> From: Kai-H. Weutzing [mailto:suse@xxxxxxxxxx]
> Sent: Sunday, January 20, 2002 3:43 PM
>
> Hi,
>
> my webserver reports sometimes a
>
> Jan 20 14:02:11 xxxxxxxx kernel: possible SYN flooding on
> port 80. Sending
> cookies.
> Jan 20 14:02:11 xxxxxxxx kernel: klogd 1.3-3, ---------- state
> change ----------
> Jan 20 14:02:11 xxxxxxxx kernel: Inspecting /boot/System.map-2.2.18
> Jan 20 14:02:11 xxxxxxxx kernel: Loaded 10080 symbols from
> /boot/System.map-2.2.18.
> Jan 20 14:02:11 xxxxxxxx kernel: Symbols match kernel version 2.2.18.
> Jan 20 14:02:11 xxxxxxxx kernel: Loaded 258 symbols from 2 modules.
>
> So I think its no attack than a high traffic on my webserver.
> So what can I
> do? Is it possible to disable the SYN flood protection for
> port 80 (I didn't
> like to it) or can I modify the detection parameters of this
> protection
> routine? (I didn't like to read the kernel sources and
> re-compile it :-)

It normally gets enabled by your firewall script by:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
you can disable it by doing a:
echo 0 > /proc/sys/net/ipv4/tcp_syncookies
on the commandline or by commenting out or changing it in your firewall
script.

GertJan

< Previous Next >
This Thread
  • No further messages