Logging inconsistencies during apparent DoS
Istvan Szukacs
leccine at gmail.com
Sat Jul 26 16:32:44 MSD 2008
Hi!
In every modern operating system, including linux*, *bsd and a couple of
other unix-like systems, there are SYN cookies to avoid the situation when
somebody floods your server with only SYN packets, starting thousands of
webserver processes:
http://cr.yp.to/syncookies.html
on linux:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
on freebsd:
sysctl -w net.inet.tcp.syncookies=1
I don't know that much about MacOS, but I guess you have it; try to search
for something like this with sysctl -a | grep syn and probably there is the
same sysctl.
Regards,
Istvan
John Barratt wrote:
> Hi,
> We have been having problems with an apparent SYN-flood DoS
> attack. However there are inconsistencies with the resulting log
> entries in nginx that along with the environment it is in, make me
> wonder if it really is a DoS attack, and/or there is something else
> going wrong.
>
> We are running nginx 0.6.31 on OSX 10.5 Server. Details of the
> problem go something like this :
>
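
An added example, not part of either message above: one way to check whether a host really has a pile of half-open connections, and what a Linux tcp_syncookies value means. The function names and the netstat sample are constructed for illustration; the sample uses documentation addresses.

```shell
#!/bin/sh
# Count half-open TCP connections in `netstat -an` output.
# Linux prints the state as SYN_RECV; BSD-derived systems (FreeBSD, macOS)
# print SYN_RCVD. In both layouts the state is the last column.
count_half_open() {
    awk '$NF == "SYN_RECV" || $NF == "SYN_RCVD" { n++ } END { print n + 0 }'
}

# Rank local endpoints (column 4) by number of half-open connections, so a
# flood against one listener stands out from ordinary connection churn.
half_open_by_local() {
    awk '$NF == "SYN_RECV" || $NF == "SYN_RCVD" { c[$4]++ }
         END { for (k in c) print c[k], k }' | sort -rn
}

# Describe a Linux net.ipv4.tcp_syncookies value.
describe_syncookies() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "enabled on SYN backlog overflow" ;;
        2) echo "always on" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample of `netstat -an` output (Linux and BSD line styles mixed).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:80     198.51.100.7:40112   SYN_RECV
tcp        0      0 192.0.2.10:80     198.51.100.8:51923   SYN_RECV
tcp        0      0 192.0.2.10:80     203.0.113.5:33810    ESTABLISHED
tcp        0      0 192.0.2.10:443    198.51.100.9:40200   SYN_RECV
tcp4       0      0 192.0.2.10.80     203.0.113.9.61000    SYN_RCVD
tcp        0      0 0.0.0.0:80        0.0.0.0:*            LISTEN
EOF
}

# On a live Linux host the same functions take real input:
#   netstat -an | count_half_open
#   describe_syncookies "$(cat /proc/sys/net/ipv4/tcp_syncookies)"
echo "half-open: $(sample_netstat | count_half_open)"
sample_netstat | half_open_by_local
```

A half-open count that stays high while the web server's access log shows little traffic points to a SYN flood; a low count suggests looking elsewhere.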