Sunday, December 12, 2010

Adjusting socket queue settings against SYN attacks

Network applications generally have to open one or more ports for external use, and those ports are an obvious entry point for a malicious attacker to launch a denial-of-service attack. One of the most popular of these is the SYN flood. During the attack the client's source IP address is forged (spoofed); because the current IP routing mechanism checks only the destination address when forwarding, the packet reaches the destination host, but the reply cannot be routed back to the forged source, so the target host can never complete the TCP three-way handshake and establish the connection.

During this period the TCP socket buffer queue fills up quickly and new connection requests are refused. To resist these attacks, some UNIX variants split the incoming socket connection request queue in two: one queue for half-open sockets (SYN received, SYN|ACK sent) and another for fully open sockets waiting for a call to accept(). Increasing the size of these queues is a good way to ease a SYN flood and keep its impact on the server to a minimum. On Linux kernel 2.4:

# /sbin/sysctl -w net.ipv4.tcp_max_syn_backlog=1280

effectively increases the size of the q0 (half-open) socket queue, and

# /sbin/sysctl -w net.ipv4.tcp_syncookies=1

enables TCP SYN cookies support, which can effectively reduce the effect of a SYN flood, although this setting can cause performance problems in some situations.
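As an added example (not from the original post), here is a small POSIX shell check that counts the half-open (SYN-RECV) sockets on one port from `ss -tan` output and compares that count with the q0 size chosen through net.ipv4.tcp_max_syn_backlog; the `ss` output below is constructed, and the column layout (State Recv-Q Send-Q Local Peer) is assumed.

```shell
#!/bin/sh
# Added example: spot a half-open (SYN-RECV) backlog filling up, which is
# the symptom of the SYN flood described above. Input is a file holding
# `ss -tan` output (assumed columns: State Recv-Q Send-Q Local Peer).

# count_syn_recv FILE PORT -> prints the number of SYN-RECV sockets whose
# local port is PORT (last ':'-separated field of the Local column)
count_syn_recv() {
    awk -v port="$2" '
        $1 == "SYN-RECV" { n = split($4, a, ":"); if (a[n] == port) c++ }
        END { print c + 0 }' "$1"
}

# half_open_ratio_exceeds FILE PORT BACKLOG PERCENT -> exit 0 when the
# SYN-RECV count on PORT is at or above PERCENT of BACKLOG (the q0 size set
# with net.ipv4.tcp_max_syn_backlog), exit 1 otherwise
half_open_ratio_exceeds() {
    n=$(count_syn_recv "$1" "$2")
    [ $(( n * 100 )) -ge $(( $3 * $4 )) ]
}

# Constructed sample of `ss -tan` output (not captured from a real host):
# several spoofed peers stuck in SYN-RECV on port 80, one on 443.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    0.0.0.0:80          0.0.0.0:*
ESTAB      0      0      10.0.0.5:22         10.0.0.9:51234
SYN-RECV   0      0      10.0.0.5:80         192.0.2.11:4021
SYN-RECV   0      0      10.0.0.5:80         192.0.2.57:4022
SYN-RECV   0      0      10.0.0.5:80         198.51.100.3:4023
SYN-RECV   0      0      10.0.0.5:443        198.51.100.4:4024
EOF

count_syn_recv "$SAMPLE" 80   # prints 3 for the constructed sample

# With a tiny backlog of 4 the port is 75% full and the check fires; with the
# post's value of 1280 the same three sockets are nowhere near the limit.
if half_open_ratio_exceeds "$SAMPLE" 80 4 50; then
    echo "port 80: half-open queue at or above 50% of backlog 4"
fi
if ! half_open_ratio_exceeds "$SAMPLE" 80 1280 50; then
    echo "port 80: half-open queue below 50% of backlog 1280"
fi
```

On a live host, replace the constructed file with the output of `ss -tan` and the backlog argument with the value read from /proc/sys/net/ipv4/tcp_max_syn_backlog.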
