Displaying 3 results from an estimated 3 matches for "drop_synfin".
2004 Apr 06
4
SYN attacks
Heya,
FREEBSD 4.9-STABLE
Is there anyway to block SYN attacks and prevent it from bring down
my server?
Its been attacking for sometime.
2005 Jul 02
3
packets with syn/fin vs pf_norm.c
...drop;
if (flags & TH_FIN)
flags &= ~TH_FIN;
} else {
/* Illegal packet */
if (!(flags & (TH_ACK|TH_RST)))
goto tcp_drop;
}
---
Wouldn't this code also check if I got TCP_DROP_SYNFIN set in my kernel
and/or if I got the sysctl option for that enabled? Also, what happens if I
run this little patch I 'wrote' (remember, I don't know C ;-D)
---
1427c1427
< if (flags & TH_RST)
---
> if ((flags & TH_RST) || (flags & TH_FIN))...
2012 Nov 13
1
thread taskq / unp_gc() using 100% cpu and stalling unix socket IPC
...=32
net.inet.tcp.syncache.cachelimit=1048576
net.inet.tcp.tcbhashsize=1048576
net.inet.tcp.hostcache.hashsize=65536
net.inet.tcp.hostcache.cachelimit=1966080
----
network related part of sysctl.conf:
----
net.inet.ip.fw.verbose=0
net.inet.ip.redirect=0
net.inet.icmp.drop_redirect=1
net.inet.tcp.drop_synfin=1
#net.inet.tcp.icmp_may_rst=0
#net.inet.udp.blackhole=1
#net.inet.tcp.blackhole=2
net.inet6.ip6.accept_rtadv=0
net.inet6.icmp6.rediraccept=0
kern.ipc.maxsockets=1000000
net.inet.tcp.maxtcptw=200000
kern.ipc.nmbclusters=262144
net.inet.tcp.recvspace=65536
net.inet.tcp.sendspace=65536
kern.ipc.so...