Skip to main content
  1. Posts/

Fighting DDOS attacks in Linux

·40 words·1 min·
Command Line Security

Check for a SYN flood:

# netstat -alnp | grep :80 | grep SYN_RECV -c 1024

Adjust network variables accordingly:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 >/proc/sys/net/ipv4/tcp_keepalive_time
echo 0 >/proc/sys/net/ipv4/tcp_window_scaling
echo 0 >/proc/sys/net/ipv4/tcp_sack
echo 0 >/proc/sys/net/ipv4/tcp_timestamps