DoS attacks.
The idea of a DoS attack is to bombard the targeted system with requests that generate errors and fill up disk partitions with log files or require all of the system's resources to handle the error logging. The settings in message_burst and message_cost are designed to be modified based on the system's acceptable risk versus the need for comprehensive logging.

• netdev_max_backlog — Sets the maximum number of packets allowed to queue when a particular interface receives packets faster than the kernel can process them. The default value for this file is 300.
• optmem_max — Configures the maximum ancillary buffer size allowed per socket.
• rmem_default — Sets the receive socket buffer default size in bytes.
• rmem_max — Sets the receive socket buffer maximum size in bytes.
• wmem_default — Sets the send socket buffer default size in bytes.
• wmem_max — Sets the send socket buffer maximum size in bytes.

The /proc/sys/net/ipv4/ directory contains additional networking settings. Many of these settings, used in conjunction with one another, are useful in preventing attacks on the system or when using the system to act as a router.

Caution
An erroneous change to these files may affect remote connectivity to the system.

The following is a list of some of the more important files within the /proc/sys/net/ipv4/ directory:

• icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate, and icmp_timeexeed_rate — Set the maximum ICMP send packet rate, in 1/100 of a second, to hosts under certain conditions. A setting of 0 removes any delay and is not a good idea.
• icmp_echo_ignore_all and icmp_echo_ignore_broadcasts — Allows the kernel to ignore ICMP ECHO packets from every host or only those originating from broadcast and multicast addresses, respectively. A value of 0 allows the kernel to respond, while a value of 1 ignores the packets.
• ip_default_ttl — Sets the default Time To Live (TTL), which limits the number of hops a packet may make before reaching its destination. Increasing this value can diminish system performance.
• ip_forward — Permits interfaces on the system to forward packets to one another. By default,
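
The checks below are an added example, not part of the original guide: a shell function that reads the /proc/sys/net/ipv4/ files listed above and warns on the values the text describes. The root-directory argument, the host/router role argument, the choice of which values to flag, and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the /proc/sys/net/ipv4/ files described above.
# The ROOT argument is an assumption of this example so the check can run
# against a constructed tree; pass /proc to inspect the live system.

# audit_ipv4 ROOT [host|router]: print one WARN line per flagged setting.
audit_ipv4() {
    dir="$1/sys/net/ipv4"; role="${2:-host}"
    # ICMP rate files: a setting of 0 removes any delay between replies.
    for f in icmp_destunreach_rate icmp_echoreply_rate \
             icmp_paramprob_rate icmp_timeexeed_rate; do
        [ -r "$dir/$f" ] || continue    # skip files this kernel does not expose
        if [ "$(cat "$dir/$f")" = 0 ]; then
            echo "WARN $f=0 (no ICMP send delay)"
        fi
    done
    # Echo handling: 0 lets the kernel respond, 1 ignores the packets.
    f=icmp_echo_ignore_broadcasts
    if [ -r "$dir/$f" ] && [ "$(cat "$dir/$f")" = 0 ]; then
        echo "WARN $f=0 (answers broadcast/multicast echo)"
    fi
    # Forwarding is only expected when the system acts as a router.
    f=ip_forward
    if [ -r "$dir/$f" ] && [ "$(cat "$dir/$f")" = 1 ] && [ "$role" != router ]; then
        echo "WARN $f=1 (forwarding enabled on a non-router)"
    fi
    return 0
}

# make_sample_tree ROOT: write constructed values (not taken from a real host).
make_sample_tree() {
    d="$1/sys/net/ipv4"; mkdir -p "$d"
    echo 0   > "$d/icmp_echoreply_rate"
    echo 100 > "$d/icmp_destunreach_rate"
    echo 0   > "$d/icmp_echo_ignore_broadcasts"
    echo 1   > "$d/ip_forward"
}

# Demo run against the constructed tree.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
audit_ipv4 "$demo_root" host
rm -rf "$demo_root"
```

Files that are absent from the tree are skipped rather than reported, since not every kernel exposes every file named in the list.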