tcp_syncookies防护部分SYN攻击

论坛 期权论坛     
选择匿名的用户   2021-5-30 01:58   182   0
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; color:rgb(138,134,121); font-family:&#39;Hiragino Sans GB W3&#39;,&#39;Hiragino Sans GB&#39;,Arial,Helvetica,simsun,u5b8bu4f53; background-color:rgb(204,206,208)"><span style="padding:0px; margin:0px">cp_syncookies是一个开关,是否打开SYN Cookie功能,该功能可以防止部分SYN攻击。tcp_synack_retries和tcp_syn_retries定义SYN的重试次数。</span></span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; color:rgb(138,134,121); font-family:&#39;Hiragino Sans GB W3&#39;,&#39;Hiragino Sans GB&#39;,Arial,Helvetica,simsun,u5b8bu4f53; background-color:rgb(204,206,208)">----------------------------------------参数说明------------------------------------------------------------------</span><br style="padding:0px; margin:0px; color:rgb(138,134,121); font-family:&#39;Hiragino Sans GB W3&#39;,&#39;Hiragino Sans GB&#39;,Arial,Helvetica,simsun,u5b8bu4f53; background-color:rgb(204,206,208)"> </p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)">$ /proc/sys/net/core/wmem_max</span></span><br style="padding:0px; margin:0px"> 最大socket写buffer,可参考的优化值:873200</span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)"><span style="padding:0px; margin:0px">$ /proc/sys/net/core/rmem_max</span><br style="padding:0px; margin:0px"> </span>最大socket读buffer,可参考的优化值:873200</span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)"><span style="padding:0px; margin:0px">$ /proc/sys/net/ipv4/tcp_wmem</span><br style="padding:0px; margin:0px"> </span>TCP写buffer,可参考的优化值: 8192 436600 873200</span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)"><span style="padding:0px; margin:0px">$ /proc/sys/net/ipv4/tcp_rmem</span><br style="padding:0px; margin:0px"> </span>TCP读buffer,可参考的优化值: 32768 436600 873200</span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)">$ /proc/sys/net/ipv4/tcp_mem<br style="padding:0px; margin:0px"> </span></span>同样有3个值,意思是:<br style="padding:0px; margin:0px"> net.ipv4.tcp_mem[0]:低于此值,TCP没有内存压力.<br style="padding:0px; margin:0px"> net.ipv4.tcp_mem[1]:在此值下,进入内存压力阶段.<br style="padding:0px; margin:0px"> net.ipv4.tcp_mem[2]:高于此值,TCP拒绝分配socket.<br style="padding:0px; margin:0px"> 上述内存单位是页,而不是字节.可参考的优化值是:786432 1048576 1572864</span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)">$ /proc/sys/net/core/netdev_max_backlog<br style="padding:0px; margin:0px"> </span></span>进入包的最大设备队列.默认是300,对重负载服务器而言,该值太低,可调整到1000.</span></p>
<p style="padding-top:0px; padding-bottom:0px; margin-top:0px; margin-bottom:0px; clear:both; height:auto; overflow:hidden; color:rgb(80,80,80); font-family:宋体,&#39;Arial Narrow&#39;,arial,serif; font-size:14px; line-height:28px"> <span style="padding:0px; margin:0px; font-family:宋体; font-size:3px"><span style="padding:0px; margin:0px; color:rgb(0,0,255)"><span style="paddi
回复
分享到 :
0 人收藏
返回列表
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

16级独孤
选择匿名的用户

积分:3875789
帖子:775174
精华:0
+ 关注 私信
期权论坛 期权论坛
期权网络科技版权所有
关于我们
联系我们
加入我们
反馈问题
免责声明
积分充值
统一社会信用代码
积分规则
网站地图
爱文库
下属网站
官方
新浪微博
微信公众号
下载
表情包
App下载
期权论坛 期权论坛

QQ咨询|关于我们|Archiver|手机版|小黑屋|( 辽ICP备15012455号-4 ) Powered by 期权论坛 X3.2 © 2001-2016 期权工具网&期权论坛 Inc.

发布
内容

下载期权论坛手机APP