North American Network Operators Group
Re: SYN and Solaris
> From: [email protected] (Dima Volodin)
> The values to play with are tcp_conn_req_max (defines the max value for
> listen queue), tcp_ip_notify_cinterval (makes tcp send another SYN???),
> tcp_ip_abort_cinterval (aborts connection and frees the slot). Note "c"
> in "cinterval". I understand these timer values work for both incoming
> and outgoing connections.

On Solaris, the default for tcp_ip_abort_cinterval is 180000 ms (3 mins).
You could try reducing it to a few seconds (at the risk of denying service
to legit clients connecting over slow links) using

    #ndd -set /dev/tcp tcp_ip_abort_cinterval <value in ms>

This affects ALL tcp connections on the system. Solaris also lets you set
the parameter for a specific destination port if the SYN attacker does not
use a random destination port:

    #include <netinet/in.h>
    #include <netinet/tcp.h>
    ....
    int value = <whatever>;   /* abort threshold in milliseconds for this socket */
    setsockopt(fd, IPPROTO_TCP, TCP_CONN_ABORT_THRESHOLD, &value, sizeof(value));
    ....

Sanjay.

PS. This feature may or may not be documented--I got it from a friend at SunSoft.
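The following C program is an added example, not part of Sanjay's message and not Solaris code. It puts the two knobs discussed above into one listener: an explicit listen backlog (the per-socket counterpart of tcp_conn_req_max) and the per-socket half-open abort threshold, using the option as spelled in Solaris's <netinet/tcp.h>, TCP_CONN_ABORT_THRESHOLD. On systems whose headers do not define that option (Linux, the BSDs) the helper reports "unsupported" rather than silently doing nothing, so an operator can tell the difference between a tuned and an untuned socket. The function names, the loopback bind, the backlog of 128 and the 5000 ms value are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>

/* Result codes for set_conn_abort_threshold(). */
enum { THRESH_OK = 0, THRESH_UNSUPPORTED = 1, THRESH_FAILED = -1 };

/* Apply a per-socket abort threshold (milliseconds) for connections that
   never complete the handshake, as Sanjay's message describes for Solaris.
   Where <netinet/tcp.h> lacks TCP_CONN_ABORT_THRESHOLD the call is not
   attempted and THRESH_UNSUPPORTED is returned, so callers cannot mistake a
   no-op for a hardened socket. (Hypothetical helper; assumed option name.) */
int set_conn_abort_threshold(int fd, int abort_ms)
{
#ifdef TCP_CONN_ABORT_THRESHOLD
    if (setsockopt(fd, IPPROTO_TCP, TCP_CONN_ABORT_THRESHOLD,
                   &abort_ms, sizeof(abort_ms)) != 0)
        return THRESH_FAILED;          /* errno describes why */
    return THRESH_OK;
#else
    (void)fd; (void)abort_ms;
    return THRESH_UNSUPPORTED;
#endif
}

/* Open a TCP listener on 127.0.0.1:port with an explicit backlog, then apply
   the abort threshold. Returns the listening fd (or -1 on error) and stores
   the threshold result in *thresh_result. port 0 asks for an ephemeral port. */
int open_hardened_listener(unsigned short port, int backlog, int abort_ms,
                           int *thresh_result)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family      = AF_INET;
    sa.sin_port        = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* constructed: loopback only */

    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0 ||
        listen(fd, backlog) != 0) {
        close(fd);
        return -1;
    }

    *thresh_result = set_conn_abort_threshold(fd, abort_ms);
    return fd;
}

int main(void)
{
    int result = THRESH_FAILED;
    int fd = open_hardened_listener(0, 128, 5000, &result);   /* assumed values */
    if (fd < 0) {
        perror("open_hardened_listener");
        return 1;
    }
    if (result == THRESH_OK)
        puts("per-socket abort threshold applied (5000 ms)");
    else if (result == THRESH_UNSUPPORTED)
        puts("TCP_CONN_ABORT_THRESHOLD not available on this platform; "
             "only the listen backlog is in effect");
    else
        printf("setsockopt failed: %s\n", strerror(errno));
    close(fd);
    return 0;
}
```

The listener is bound to loopback so the program can be run anywhere without exposing a port; on a Solaris host the option takes effect for that socket alone, which is the per-port alternative to the system-wide ndd setting and does not shorten the timer for every other service on the box.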