Enable TCP SYN Cookie Protection

Discussion in 'Tips/Tricks/Mods' started by sysconfig, Nov 3, 2006.

  1. sysconfig

    sysconfig New Member

    A "SYN Attack" is a Denial of Service (DoS) attack that consumes all the resources on your machine, forcing you to reboot. Denials of Service attacks (attacks which incapacitate a server due to high traffic volume or ones that tie-up system resources enough that the server cannot respond to a legitimate connection request from a remote system) are easily achievable from internal resources or external connections via extranets and Internet. Enabling TCP SYN Cookie Protection will help to eliminate the problem.

    Edit the sysctl.conf file (vi /etc/sysctl.conf) and add the following line:

    Code:
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    Once the configuration has been set, you must restart your network for the change to take effect.
    The command to restart the network is the following:
    Code:
     To restart all network devices manually on your system, use the following command:
    [root:~ ]# /etc/rc.d/init.d/network restart
    
     
  2. qwe010

    qwe010 New Member

    thanks

    i do

    but i see thise message

    error: unknown error 1 setting key 'net.ipv4.tcp_syncookies'

    my server is VPS ?
     
  3. falko

    falko Super Moderator ISPConfig Developer

    I bet this is the problem.
     
  4. qwe010

    qwe010 New Member

    but i have full root access :confused:
     
  5. falko

    falko Super Moderator ISPConfig Developer

    But it is a VPS, no matter if you have root access or not. A VPS behaves differently than a normal server in the one or other way...
     
  6. qwe010

    qwe010 New Member

    thanks falko
     

Share This Page