From: dvv@sprint.net (Dima Volodin)

The values to play with are tcp_conn_req_max (defines the max value for the listen queue), tcp_ip_notify_cinterval (makes tcp send another SYN???), tcp_ip_abort_cinterval (aborts the connection and frees the slot). Note the "c" in "cinterval". I understand these timer values work for both incoming and outgoing connections.
On Solaris, the default for tcp_ip_abort_cinterval is 180000 ms (3 mins). You could try reducing it to a few seconds (at the risk of denying service to legit clients connecting over slow links) using

  # ndd -set /dev/tcp tcp_ip_abort_cinterval <value in ms>

This affects ALL tcp connections on the system. Solaris also lets you set the parameter for a specific destination port if the SYN attacker does not use a random destination port:

  #include <sys/socket.h>
  #include <netinet/in.h>
  #include <netinet/tcp.h>
  ....
  int value = <whatever>;   /* per-socket abort interval for this listener */
  setsockopt(fd, IPPROTO_TCP, TCP_CONN_ABORT_THRESHOLD, &value, sizeof(value));
  ....

Sanjay.

PS. This feature may or may not be documented--I got it from a friend at SunSoft.
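The per-socket version of the tunable in Sanjay's message, as an added example (this is not code from the thread or from Sun): a loopback listener that applies TCP_CONN_ABORT_THRESHOLD to its own socket instead of changing tcp_ip_abort_cinterval for the whole host. It assumes the option takes a value in milliseconds like the ndd tunable does, and it is guarded with #ifdef so that on a platform whose headers lack the option the helper fails with ENOPROTOOPT rather than silently doing nothing. The function names, the 5000 ms default and the backlog of 128 are choices made for this example.

```c
/*
 * Added example: per-socket SYN_RCVD abort timer on Solaris.
 * Applies the socket-level counterpart of
 *   # ndd -set /dev/tcp tcp_ip_abort_cinterval <ms>
 * to one listener only. Assumption: TCP_CONN_ABORT_THRESHOLD is in
 * milliseconds, like the ndd tunable.
 */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Apply the per-socket abort interval for half-open connections.
 * Returns 0 on success, -1 on failure with errno set; errno is
 * ENOPROTOOPT when this build has no TCP_CONN_ABORT_THRESHOLD. */
int apply_conn_abort_threshold(int fd, int abort_ms)
{
    if (abort_ms <= 0) {
        errno = EINVAL;
        return -1;
    }
#ifdef TCP_CONN_ABORT_THRESHOLD
    return setsockopt(fd, IPPROTO_TCP, TCP_CONN_ABORT_THRESHOLD,
                      &abort_ms, sizeof abort_ms);
#else
    (void)fd;
    errno = ENOPROTOOPT;   /* not a Solaris build: option unavailable */
    return -1;
#endif
}

/* Create a TCP listener on 127.0.0.1:port (port 0 = kernel-chosen).
 * The backlog is the listen queue that tcp_conn_req_max caps on Solaris.
 * Returns the listening fd, or -1 with errno set. */
int make_listener(unsigned short port, int backlog)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 ||
        listen(fd, backlog) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    unsigned short port = argc > 1 ? (unsigned short)atoi(argv[1]) : 0;
    int abort_ms = argc > 2 ? atoi(argv[2]) : 5000;  /* vs. 180000 default */
    int fd = make_listener(port, 128);

    if (fd < 0) {
        perror("make_listener");
        return 1;
    }
    if (apply_conn_abort_threshold(fd, abort_ms) < 0)
        fprintf(stderr, "TCP_CONN_ABORT_THRESHOLD: %s\n", strerror(errno));
    else
        printf("half-open connections on this socket abort after %d ms\n",
               abort_ms);
    /* an accept() loop would follow here */
    close(fd);
    return 0;
}
```

Run it as `./listener 8080 5000` on the attacked host; the same caveat as for the system-wide setting applies, since a legitimate client on a slow link whose final ACK arrives after the interval is dropped too, so only the flooded port should be tightened.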
participants (1)
- Sanjay Dani