Netstat: viewing SYN connection states in Linux

Source: Internet
Author: User
Tags: ack, socket, iptables

You can count the current connections per TCP state with the following command (netstat -n lists sockets numerically; the awk script takes the last field of every tcp/tcp6 line, which is the state, and tallies it):

netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'

On a busy server this returns something like:

TIME_WAIT 346

FIN_WAIT1 85

FIN_WAIT2 6

ESTABLISHED 1620

SYN_RECV 169

LAST_ACK 8

SYN_RECV counts half-open connections: the server has answered a SYN with a SYN-ACK and is still waiting for the client's final ACK. ESTABLISHED is the normal data-transfer state. TIME_WAIT counts connections that have finished and are waiting out the 2*MSL timeout before the socket is released. A SYN_RECV count that is large relative to ESTABLISHED, especially spread over many source addresses, is the classic sign of a SYN flood; a large TIME_WAIT count on its own is normal for a server handling many short connections.
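The counting and the SYN_RECV-versus-ESTABLISHED check described above, as an added example that is not part of the original page. The netstat lines are constructed sample input; the functions read real output when fed `netstat -n`, and the alert ratio and minimum count are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: tally TCP states from netstat -n output and flag a SYN-flood
# pattern. Constructed sample, not captured from a real host.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.9:51512       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.77:40001      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.4:33021      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.4:33022      SYN_RECV
tcp        0      0 10.0.0.5:80             192.0.2.10:55112        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.11:60231        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.12:41000        TIME_WAIT
tcp        0      0 10.0.0.5:80             192.0.2.12:41001        TIME_WAIT
tcp        0      0 10.0.0.5:80             192.0.2.13:42000        FIN_WAIT2'

# Count connections per state (same idea as the one-liner on the page).
# The state is the last field of every tcp/tcp6 line; header lines are skipped.
count_tcp_states() {
    awk '/^tcp/ { ++S[$NF] } END { for (s in S) print s, S[s] }' | sort
}

# Count one state by name; prints 0 when the state is absent.
count_state() {
    awk -v want="$1" '/^tcp/ && $NF == want { n++ } END { print n + 0 }'
}

# Number of distinct remote addresses (port stripped) sitting in SYN_RECV.
# A flood shows many half-open connections from many (often spoofed) sources;
# a single slow client only ever holds a handful.
syn_recv_sources() {
    awk '/^tcp/ && $NF == "SYN_RECV" { sub(/:[0-9]+$/, "", $5); print $5 }' \
        | sort -u | wc -l | tr -d ' '
}

# Heuristic: alert when half-open connections exceed RATIO times the
# established ones and there are at least MIN of them.
# Usage: syn_flood_check [RATIO] [MIN]   (defaults 1 and 50 are assumptions)
syn_flood_check() {
    ratio="${1:-1}"
    min="${2:-50}"
    input=$(cat)
    syn=$(printf '%s\n' "$input" | count_state SYN_RECV)
    est=$(printf '%s\n' "$input" | count_state ESTABLISHED)
    if [ "$syn" -gt $((est * ratio)) ] && [ "$syn" -ge "$min" ]; then
        echo "ALERT syn_recv=$syn established=$est"
    else
        echo "OK syn_recv=$syn established=$est"
    fi
}

# Demo on the constructed sample. Live use after sourcing this file:
#   netstat -n | syn_flood_check
printf '%s\n' "$SAMPLE_NETSTAT" | count_tcp_states
```

Because the functions read standard input, the same code works with `ss -tan` only after reordering columns (ss prints the state first), so keep netstat -n or adapt the awk field.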

State: Description

CLOSED: No connection exists or is in progress

LISTEN: The server is waiting for an incoming connection request

SYN_SENT: The client has sent a SYN and is waiting for the matching SYN-ACK

SYN_RECV: A connection request (SYN) has arrived and a SYN-ACK was sent; waiting for the client's ACK

ESTABLISHED: Normal data transfer state

FIN_WAIT1: The local application has closed (a FIN was sent); waiting for the peer's ACK or FIN

FIN_WAIT2: The peer has acknowledged our FIN; waiting for the peer's own FIN

CLOSE_WAIT: The peer has initiated a release (sent FIN); waiting for the local application to close

CLOSING: Both sides tried to close at the same time; waiting for the final ACK

LAST_ACK: The peer closed first and we have sent our FIN; waiting for its final ACK

TIME_WAIT: The connection is closed; waiting 2*MSL for all stray segments to die before the socket pair can be reused

Many attackers use TCP SYN floods against servers from the network layer up, and iptables rate limiting can be used to blunt them. One caution before the rules below: a rule that ACCEPTs at a limited rate only does something if a later rule DROPs the same traffic. On its own, with the chain's default policy ACCEPT, packets above the limit simply fall through and are accepted anyway.

Preventing SYN packet floods (SYN flood)

iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

Some people write the same rule on the INPUT chain instead (FORWARD is for traffic routed through the firewall, INPUT for traffic addressed to the host itself):

iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT

--limit 1/s allows an average of one SYN per second (with the default --limit-burst of 5) and can be changed to suit your needs; one per second is far too low for a production service and only illustrates the syntax. Note also that -m limit is a single global bucket, not a per-source limit, so a flood from one address exhausts the allowance for everyone.

Preventing various port scans

iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

This matches segments that have RST set and none of SYN, ACK or FIN, that is, the resets sent back when a scanner probes a closed port, and limits how many pass per second.

Ping floods (often labelled "ping of death", but this rule only limits the rate of echo requests; the original ping of death was an oversized fragmented ICMP packet that current kernels already reject)

iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
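The three limits above, written as a complete rule set with the DROP rules that make them effective, as an added example that is not part of the original page. The chain name RATELIMIT, the rates and bursts, and the RUNNER/IPT variables are assumptions for illustration; installing the rules needs root, while RUNNER=echo prints the commands instead.

```shell
#!/bin/sh
# Added example: rate limiting done so that it actually drops excess traffic.
# RUNNER=echo gives a dry run; IPT can point at a different binary (ip6tables).
IPT="${IPT:-iptables}"
RUNNER="${RUNNER:-}"

# Weak form, as it appears in many HOWTOs: limited ACCEPT with nothing after
# it. If the chain policy is ACCEPT, SYNs above the limit are still accepted.
weak_syn_rule() {
    $RUNNER "$IPT" -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
}

# Hardened form: a dedicated chain where each class of packet is allowed up
# to its rate (RETURN continues with the caller's normal rules) and then DROPped.
# Usage: harden_rules [CHAIN] [SYN_RATE] [SYN_BURST]
harden_rules() {
    chain="${1:-RATELIMIT}"
    syn_rate="${2:-25/s}"     # assumed value; size it for the service
    syn_burst="${3:-50}"

    $RUNNER "$IPT" -N "$chain"

    # SYN flood: new connections above the rate are dropped.
    $RUNNER "$IPT" -A "$chain" -p tcp --syn -m limit --limit "$syn_rate" --limit-burst "$syn_burst" -j RETURN
    $RUNNER "$IPT" -A "$chain" -p tcp --syn -j DROP

    # Port scans: bare RST segments (RST set, SYN/ACK/FIN clear) limited to 1/s.
    $RUNNER "$IPT" -A "$chain" -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
    $RUNNER "$IPT" -A "$chain" -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP

    # Ping flood: echo requests limited to 1/s.
    $RUNNER "$IPT" -A "$chain" -p icmp --icmp-type echo-request -m limit --limit 1/s -j RETURN
    $RUNNER "$IPT" -A "$chain" -p icmp --icmp-type echo-request -j DROP

    # Send only the three packet classes through the chain; everything else
    # (established traffic, other ICMP) is untouched by it.
    $RUNNER "$IPT" -A INPUT -p tcp --syn -j "$chain"
    $RUNNER "$IPT" -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j "$chain"
    $RUNNER "$IPT" -A INPUT -p icmp --icmp-type echo-request -j "$chain"
}

# Dry run:  RUNNER=echo sh ratelimit.sh apply
# Install:  sudo sh ratelimit.sh apply
if [ "${1:-}" = "apply" ]; then
    harden_rules
fi
```

For a per-source limit, replace `-m limit --limit ... --limit-burst ...` on the SYN rule with `-m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-upto 10/s --hashlimit-burst 20`, which keeps one bucket per source address instead of one shared bucket.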

At the same time, the kernel's TCP parameters can be tuned when the system initializes. Below is a simple set of settings; if you have a set of your own for this purpose, you are welcome to share it.

vim /etc/sysctl.conf

net.ipv4.tcp_tw_reuse = 1

Allows a socket in TIME_WAIT to be reused for a new outgoing connection when that is safe from the protocol's point of view (it relies on TCP timestamps, so net.ipv4.tcp_timestamps must stay at 1). It only affects connections this host initiates; it does not shorten TIME_WAIT for connections the server accepted.

net.ipv4.tcp_tw_recycle = 1

Recycle speeds up the recovery of TIME_WAIT sockets by rejecting any segment whose timestamp is older than the last one seen from that IP address. Leave this at 0: when several clients sit behind one NAT address their timestamps are not monotonic, so their connections are silently dropped, and the option was removed from the kernel in Linux 4.12.

After changing tcp_tw_reuse and tcp_tw_recycle, netstat may print "warning, got duplicate tcp line" or "warning, got bogus tcp line". Both mean netstat found two entries for what looks like the same TCP connection, which happens when a connection is torn down and re-established quickly with the same addresses and ports. Normally that is rare; the settings above make it more likely. The warnings are harmless and do not degrade system performance.

net.ipv4.tcp_syncookies = 1

Enables SYN cookies. When the SYN queue overflows, the kernel answers SYNs with a cookie encoded in the sequence number instead of storing a queue entry, so legitimate clients can still connect during a SYN flood. Older kernels default this to 0 (off); most current distributions ship it enabled. It is a fallback for overload, not a substitute for adequate backlog sizing.

net.ipv4.tcp_synack_retries = 1

Number of times the kernel retransmits a SYN-ACK for a half-open connection (default 5, which keeps a SYN_RECV entry alive for about a minute). With 1 retry an unanswered entry is dropped after roughly 3 seconds, which frees backlog under a flood at the cost of losing very slow legitimate clients.

net.ipv4.tcp_keepalive_time = 1200

Idle time in seconds before TCP sends the first keepalive probe on a connection that has keepalive enabled. The default is 7200 (2 hours).

net.ipv4.tcp_fin_timeout = 30

When the local side closes first it sends a FIN and enters FIN_WAIT1 until the peer ACKs, then FIN_WAIT2 until the peer sends its own FIN. If the peer never completes the close, or its process dies unexpectedly, an orphaned socket would sit in FIN_WAIT2 indefinitely; tcp_fin_timeout bounds that wait in seconds (default 60).

net.ipv4.ip_local_port_range = 1024 65000

Range of local (ephemeral) ports used for outgoing connections. Widening it raises the number of concurrent connections the host can open to one destination before running out of ports.

net.ipv4.tcp_max_syn_backlog = 8192

Maximum number of remembered connection requests (SYN_RECV entries) that have not yet been acknowledged by the client. Raising it lets the server hold more half-open connections before SYN cookies kick in; raise net.core.somaxconn as well, since the effective queue is bounded by both. (The description sometimes given here, of packets queued when an interface receives faster than the kernel can process them, belongs to net.core.netdev_max_backlog, not this parameter.)

net.ipv4.tcp_max_tw_buckets = 5000

Maximum number of TIME_WAIT sockets held at once; beyond it new ones are destroyed immediately and a warning is logged. 5000 is low for a busy server and discards the protection TIME_WAIT provides against stray segments, so size it to the host's memory rather than copying this value.

To make the settings take effect:

sysctl -p
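The settings above as a sysctl.d drop-in with a checker that compares the file against the running kernel, as an added example that is not part of the original page. The file name, the adjusted values (tcp_tw_recycle left out, synack_retries 2, max_tw_buckets raised, somaxconn added) and the function names are assumptions for illustration; writing to /etc/sysctl.d and running sysctl -p need root, but the functions accept any path.

```shell
#!/bin/sh
# Added example: SYN-related sysctl settings as a drop-in plus a live check.

# Settings safe on any current kernel. tcp_tw_recycle is left out on purpose:
# it broke clients behind NAT and was removed in Linux 4.12. Values are
# assumptions; tune them to the host.
syn_sysctl_settings() {
    cat <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 8192
net.core.somaxconn = 8192
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 262144
EOF
}

# Write the drop-in. Default path needs root; pass another path to test.
# Prints the path written.
write_syn_sysctl() {
    target="${1:-/etc/sysctl.d/90-syn-hardening.conf}"
    syn_sysctl_settings > "$target"
    echo "$target"
}

# Live value of one key, read from /proc so it works without sysctl(8).
# Multi-value keys (ip_local_port_range) are tab separated in /proc; normalize
# to single spaces so they compare with the file's "1024 65000" form.
current_value() {
    key="$1"
    path="/proc/sys/$(printf '%s' "$key" | tr . /)"
    [ -r "$path" ] && tr -s '\t' ' ' < "$path"
}

# Compare each key in a drop-in with the live kernel value. Prints DIFF or
# MISSING lines and returns 1 if anything differs or a key does not exist.
verify_syn_sysctl() {
    file="$1"
    rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$line" | cut -d= -f1 | tr -d ' ')
        want=$(printf '%s' "$line" | cut -d= -f2- | sed 's/^ *//;s/ *$//')
        if ! have=$(current_value "$key"); then
            echo "MISSING $key"; rc=1; continue
        fi
        [ "$have" = "$want" ] || { echo "DIFF $key live='$have' wanted='$want'"; rc=1; }
    done < "$file"
    return $rc
}

# Usage: sudo sh syn_sysctl.sh apply [PATH]
if [ "${1:-}" = "apply" ]; then
    f=$(write_syn_sysctl "${2:-}")
    sysctl -p "$f"
    verify_syn_sysctl "$f"
fi
```

A MISSING line from the checker is informative on its own: a key such as tcp_tw_recycle that is absent from /proc/sys means the running kernel no longer supports it, and a sysctl.conf that still lists it will make sysctl -p report an error on every boot.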
