📄 1111.html
字号:
-->
</SCRIPT>
<BODY text=#000000 bgColor=#ffffff leftMargin=0 topMargin=0 marginwidth="0"
marginheight="0">
<CENTER>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TR>
<TD vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=296
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=76
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=100
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=98
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=79
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=103
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=26
border=0></TD>
<TD><IMG height=1 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=1
border=0></TD></TR>
<TR>
<TD colSpan=3><A title=linux知识宝库
href="index.html" tppabs="http://www.linuxhero.com/docs/index.html"><IMG height=83
src="images/header_r1_c1.gif" tppabs="http://www.linuxhero.com/docs/images/header_r1_c1.gif" width=472 border=0
name=header_r1_c1></A></TD>
<TD colSpan=3>
<form action="http://www.linuxhero.com/docs/search.html" method=get>
<table
style="BORDER-RIGHT: #c4c4c4 1px solid; BORDER-TOP: #c4c4c4 1px solid; BORDER-LEFT: #c4c4c4 1px solid; BORDER-BOTTOM: #c4c4c4 1px solid"
cellspacing=0 cellpadding=3 width="95%" border=0 align="center">
<tbody>
<tr>
<td noWrap background="images/bgline.gif" tppabs="http://www.linuxhero.com/docs/images/bgline.gif">
<div align=center><font class=normalfont>搜索文章:
<input type=hidden value=result name=action2>
<input type=radio checked value=title name=type>标题
<input type=radio value=content name=type>内容
<input type=image src="images/button_go.gif" tppabs="http://www.linuxhero.com/docs/images/button_go.gif" border=0 name=image2>
</font></div>
</td>
</tr>
<tr>
<td noWrap>
<div align="center">
<input maxlength=100 size=30 name=keyword2>
</div>
</td>
</tr></tbody>
</table>
</form>
</TD>
<TD rowSpan=2><IMG src="images/header_r1_c7.gif" tppabs="http://www.linuxhero.com/docs/images/header_r1_c7.gif" width=26 border=0 name=header_r1_c7></TD>
<TD><IMG height=83 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=1 border=0></TD></TR>
<TR>
<TD background="images/bgline.gif" tppabs="http://www.linuxhero.com/docs/images/bgline.gif"><IMG height=22
src="images/header_r2_c1.gif" tppabs="http://www.linuxhero.com/docs/images/header_r2_c1.gif" width=296 border=0
name=header_r2_c1></TD>
<TD background="images/bgline.gif" tppabs="http://www.linuxhero.com/docs/images/bgline.gif" colSpan=5>
<DIV align=right><FONT class=normalfont>当前位置:
<A href="index.html" tppabs="http://www.linuxhero.com/docs/index.html">本站首页</A>
<font color="#FF6699">>></font>
<A href="type15.html" tppabs="http://www.linuxhero.com/docs/type15.html">网络安全</A> | <A href="copyright.html" tppabs="http://www.linuxhero.com/docs/copyright.html">版权说明</A></font></DIV>
</TD>
<TD><IMG height=22 src="images/spacer.gif" tppabs="http://www.linuxhero.com/docs/images/spacer.gif" width=1
border=0></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=10 cellPadding=0 width="100%" bgColor=#ffffff
border=0>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=3 width="100%" border=0>
<TR>
<TD vAlign=top align=middle width="60%">
<TABLE cellSpacing=0 cellPadding=0 width="100%"
background="images/back.gif" tppabs="http://www.linuxhero.com/docs/images/back.gif" border=0>
<TBODY>
<TR>
<TD vAlign=top width="80%">
<DIV align=center>
<FORM action="search.html" tppabs="http://www.linuxhero.com/docs/search.html" method=get>
</FORM>
<TABLE cellSpacing=0 cellPadding=0 width="95%"
border=0><TBODY>
<TR>
<TD background="images/bgi.gif" tppabs="http://www.linuxhero.com/docs/images/bgi.gif"
height=30></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=3 width="95%"
align=center border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=3 width="100%"
border=0>
<TBODY>
<TR>
<TD vAlign=top>
<p><FONT class=normalfont><B><font color=blue>防止SYN的攻击参数设置</font></B></FONT><BR><FONT class=smallfont color=#ff9900>2004-04-23 15:18 pm</FONT><BR><FONT class=normalfont>作者:webwanglei<br>来自:Linux知识宝库<br>联系方式:无名<br><br>我在一家网站工作,目前我对我所管理的WEB服务器的防止SYN攻击方面做了以下规则:<br>
iptables -N syn-flood<br>
iptables -A INPUT -p tcp --syn -j syn-flood<br>
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN<br>
iptables -A syn-flood -j REJECT<br>
sysctl -w net.ipv4.icmp_echo_ignore_all=1<br>
echo "1" > /proc/sys/net/ipv4/tcp_syncookies<br>
但好像效果不是很好,有没有朋友有更好的方法,贴出来看看!另外,在REDHAT8和REDHAT9上对TCP会话超时的NET.IPV4的参数定义是那个,我想限制TCP会话时间不超过30秒,应该设置那个参数呢?具我所知,微软的这个参数设置的是3秒。<br>
<br>
Hardening the TCP/IP stack to SYN attacks<br>
<br>
<br>
Most people know how problematic protection against SYN denial of service attacks can be. Several methods, more or less effective, are usually used. In almost every case proper filtering of packets is a viable solution. In addition to creating packet filters, the modification of the TCP/IP stack of a given operating system can be performed by an administrator. This method, the tuning of the TCP/IP stack in various operating systems, will be described in depth in this article.<br>
While SYN attacks may not be entirely preventable, tuning the TCP/IP stack will help reduce the impact of SYN attacks while still allowing legitimate client traffic through. It should be noted that some SYN attacks do not always attempt to upset servers, but instead try to consume all of the bandwidth of your Internet connection. This kind of flood is outside the scope of scope of this article, as is the filtering of packets which has been discussed elsewhere.<br>
<br>
What can an administrator do when his servers are under a classic, non-bandwidth flooding SYN attack? One of most important steps is to enable the operating system's built-in protection mechanisms like SYN cookies or SynAttackProtect. Additionally, in some cases it is worth tuning parameters of the TCP/IP stack. Changing the default values of stack variables can be another layer of protection and help better secure your hosts. In this paper I will concentrate on:<br>
<br>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -