nanog mailing list archives
Re: SYN and Solaris
From: Sanjay Dani(maillists) <indus () professionals com>
Date: Tue, 17 Sep 1996 18:18:53 -0700 (PDT)
From: dvv () sprint net (Dima Volodin)

> The values to play with are tcp_conn_req_max (defines the max value for listen queue), tcp_ip_notify_cinterval (makes tcp send another SYN???), tcp_ip_abort_cinterval (aborts connection and frees the slot). Note "c" in "cinterval". I understand these timer values work for both incoming and outgoing connections.
On Solaris, the default for tcp_ip_abort_cinterval is 180000 ms (3 mins). You could try reducing it to a few seconds (at the risk of denying service to legit clients connecting over slow links) using

    # ndd -set /dev/tcp tcp_ip_abort_cinterval <value in ms>

This affects ALL tcp connections on the system. Solaris also lets you set the parameter for a specific destination port if the SYN attacker does not use a random destination port:

    #include <netinet/in.h>
    #include <netinet/tcp.h>
    ....
    /* connection-establishment abort timer, in ms, for this socket only */
    int value = <whatever>;
    setsockopt(fd, IPPROTO_TCP, TCP_CONN_ABORT_THRESHOLD, &value, sizeof(value));
    ....

Sanjay.

PS. This feature may or may not be documented--I got it from a friend at SunSoft.
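An added example (not code from the post or from Sun) showing the per-socket variant in a complete listener: the abort threshold is applied with the full setsockopt signature, and the listen backlog is the per-socket side of the tcp_conn_req_max ceiling mentioned above. TCP_CONN_ABORT_THRESHOLD is assumed to be the Solaris name of the option; where the platform's <netinet/tcp.h> lacks it the helper reports ENOPROTOOPT rather than failing to compile.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set the SYN-handshake abort timer (ms) on one socket. Solaris-specific option
 * (assumed name TCP_CONN_ABORT_THRESHOLD); elsewhere we return -1/ENOPROTOOPT.
 * Returns 0 on success, -1 with errno set on failure. */
int set_conn_abort_threshold(int fd, int ms)
{
    if (ms <= 0) { errno = EINVAL; return -1; }
#ifdef TCP_CONN_ABORT_THRESHOLD
    return setsockopt(fd, IPPROTO_TCP, TCP_CONN_ABORT_THRESHOLD, &ms, sizeof ms);
#else
    (void)fd;
    errno = ENOPROTOOPT;
    return -1;
#endif
}

/* Loopback TCP listener with backlog (capped kernel-side by tcp_conn_req_max)
 * and the per-socket abort timer. A missing option is recorded in *opt_errno
 * and is not fatal, so the server still comes up with system-wide defaults.
 * Returns the listening fd, or -1 on bind/listen failure. */
int make_hardened_listener(unsigned short port, int backlog, int abort_ms,
                           int *opt_errno)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    *opt_errno = 0;
    if (set_conn_abort_threshold(fd, abort_ms) < 0) *opt_errno = errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);            /* port 0 = kernel picks one */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, backlog) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}
```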