Thursday, September 17, 2009

Implement System protection against DOS/DDOS

bash# vi /etc/sysctl.conf
add the below code:
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

Add the below code in /etc/rc.local and restart network
for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do echo 1 > done

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

No comments:

Post a Comment