|
|
¸®´ª½º Tech °Ô½ÃÆÇ
|
2024. 04. 29. |
 |
|
 |
|
|
|
|
|
 [TIP] SYN Flooding ÇØ°áÃ¥ |
|
|
|
 |
|
|
|
³¯Â¥: 2004.06.28. 15:23:26 Á¶È¸: 369 |
|
|
|
|
|
|
|
|
|
|
|
|
|
* SYN Flooding ÇØ°áÃ¥
1. ¹é·Î±×Å¥¸¦ ´Ã¸®°í HalfOpen »óŽð£À» ÁÙÀδÙ.
/sbin/sysctl -w net.ipv4.tcp_max_syn_backlog=1280
2. ¼ÒÄÏ queueÀÇ size¸¦ ³ôÀÓ
3. sysn Flooding °ø°ÝÀ» Â÷´ÜÇϱâ À§ÇØ TCP SYN Cookies ±â´ÉÀ» ÄÒ´Ù
/sbin/sysctl -w net.ipv4.tcp_syncookies=1
4. time_waitÀ» 60ÃÊ·Î Á¦ÇÑÇÏ¿© ÀÏÁ¤ÀÌ»ó ACK°¡ ¿ÀÁö ¾Ê¤·¸£ °æ¿ì Á¢¼ÓÀ» ´ë±âÇÏÁö ¾Ê°í ²÷´Â´Ù.
/sbin/sysctl -w net.ipv4.vs.timeout_timewait=60
* DOS SMURF °ø°Ý¿¡ ´ëó
1. ¶ó¿ìÅÍ¿¡¼ Â÷´Ü : no ip directed_boradcast ¼³Á¤
2. ¸®´ª½º¿¡¼ÀÇ ¼³Á¤ :
/sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
¶Ç´Â echo 1 > /proc/sys/net/ipv4/tcp_syncookies
|
|
|
|
|
¾Ï È£ 
