Nivedita Singhvi wrote:
Christopher Chan wrote:
When tcp_max_syn_backlog is set to 4096 and
route.max_size = 131072
route.gc_thresh = 65536
the box goes berserk almost immediately after bootup due to a bounce
flood hitting the box.
The below values seem to work around whatever problem the kernel has.
tcp_max_syn_backlog = 2048
route.max_size = 1048576
route.gc_thresh = 65536
Did you try just one of the first two and see which
one actually made a difference? I'm assuming the first,
but that might not be the case..
Another box that has less traffic but sometimes gets ddosed by bounces
has default settings
tcp_max_syn_backlog = 1024
route.max_size = 131072
route.gc_thresh = 8192
This box's 2.6.4 also went berserk during the ddos.
I'll try your suggestion and get back to you.
thanks,
Nivedita