Nginx-ru mailing list archive (nginx-ru@sysoev.ru)


Re: Nginx, Linux and DDOS


  • To: nginx-ru@xxxxxxxxx
  • Subject: Re: Nginx, Linux and DDOS
  • From: Никита Кардашин <megalin2@xxxxxxxxx>
  • Date: Sat, 24 Apr 2010 19:08:19 +0600
  • In-reply-to: <4BD2E9F1.6070607@xxxxxxxxxx>
  • References: <7947b3ad0d82bddf40f7a4180edb9d4f.NginxMailingListRussian@xxxxxxxxxxxxxxx> <49a5791ce46574a3af84afc514b7cc0e.NginxMailingListRussian@xxxxxxxxxxxxxxx> <4BD2E9F1.6070607@xxxxxxxxxx>

My sysctl.conf on a frequently attacked server:

net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.forwarding=0
net.ipv4.conf.all.mc_forwarding=0
net.ipv4.tcp_syncookies=1
net.core.rmem_max=202143
net.core.rmem_default=202143
net.ipv4.tcp_sack=0
net.ipv4.tcp_timestamps=0
net.ipv4.ip_local_port_range=1024 65000
net.core.somaxconn=32768
net.ipv4.tcp_max_syn_backlog=16384
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=25


I can't recall the details of the individual parameters right now, but it works quite successfully.

2010/4/24, Alex Vorona <voron@xxxxxxxxxx>:
> 24.04.2010 15:45, sba wrote:
>> # head /proc/sys/net/ipv4/tcp_max_tw_buckets
>> 1440000
>>
>> increased it to 1500000 - didn't help
>>
> Don't forget about the sysctls
> net.ipv4.tcp_tw_reuse=1
> net.ipv4.tcp_tw_recycle=1
> net.core.somaxconn=32768
> net.ipv4.tcp_max_syn_backlog=32768
>
> And increasing the listen backlog in nginx
>
> _______________________________________________
> nginx-ru mailing list
> nginx-ru@xxxxxxxxx
> http://nginx.org/mailman/listinfo/nginx-ru
>


-- 
With best regards,
differentlocal (www.differentlocal.ru | differentlocal@xxxxxxxxx),
System administrator.
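
An added example, not part of the original message or thread: a small Python audit of a sysctl.conf like the one posted above. It flags the duplicate key, the TIME-WAIT settings that depend on TCP timestamps, and the accept-queue cap behind the advice to raise nginx's listen backlog. The function names and the sample text are constructed for illustration, and it assumes nginx runs with its default backlog of 511.

```python
# Added example (not from the thread): audit a sysctl.conf for the pitfalls
# discussed above. SAMPLE is a constructed excerpt of the posted settings.
SAMPLE = """\
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.core.somaxconn=32768
net.ipv4.tcp_max_syn_backlog=16384
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
"""
NGINX_DEFAULT_BACKLOG = 511  # nginx's default listen backlog on Linux


def parse_sysctl(text):
    """Return (settings, duplicate_keys); a later assignment overrides an earlier one."""
    settings, dups = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, _, value = (part.strip() for part in line.partition("="))
        if key in settings:
            dups.append(key)
        settings[key] = value
    return settings, dups


def effective_accept_queue(settings, nginx_backlog=NGINX_DEFAULT_BACKLOG):
    """The kernel caps the backlog passed to listen() at net.core.somaxconn."""
    # Fallback 4096 is the kernel default since Linux 5.4 (128 before that).
    return min(nginx_backlog, int(settings.get("net.core.somaxconn", 4096)))


def audit(text):
    """Return human-readable notes; assumes nginx uses its default backlog."""
    settings, dups = parse_sysctl(text)
    notes = [f"duplicate key: {key}" for key in dups]
    if settings.get("net.ipv4.tcp_timestamps") == "0":
        for key in ("net.ipv4.tcp_tw_reuse", "net.ipv4.tcp_tw_recycle"):
            if settings.get(key) == "1":
                notes.append(f"{key}=1 relies on TCP timestamps, which are disabled")
    if settings.get("net.ipv4.tcp_tw_recycle") == "1":
        notes.append("tcp_tw_recycle breaks clients behind NAT; removed in Linux 4.12")
    queue = effective_accept_queue(settings)
    if queue < int(settings.get("net.core.somaxconn", queue)):
        notes.append(f"accept queue stays at {queue} until nginx's listen sets backlog=N")
    return notes


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```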

Copyright © Lexa Software, 1996-2009.