Put this in your /etc/rc.d/rc.local file:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
It won't fix the 'upstream' flood, but it'll help minimize the 'load' on your machine.
has more info (Great resource!)
Next, I'd upgrade to 7.2 and setup iptables/netfilter. You can do rate limits there, nice...
Has more links to iptables/netfilter info than anyone person could hope to use. One of the best to start with is:
Here's another 'helper':
Another mitigation against SYN flooding is increasing the value of
/proc/sys/net/ipv4/tcp_max_syn_backlog. On 2.2 kernels, I believe the value
defaults to 128, and on 2.4 kernels I believe the default is 1024. If your
init scripts invoke sysctl during boot (like Red Hat), put this in
# Reduce SYN Floods
Replace "4096" with whatever you are comfortable with.
Or from the command line:
# echo 4096 >/proc/sys/net/ipv4/tcp_max_syn_backlog
(NOTE: Mmm, bet you can add net.ipv4.tcp_syncookies=1 to sysctl.conf instead of rc.local as well)
And yes, aprsd 2.2.3 (CVS from 2 days ago) runs mostly fine on RH 7.2 - I don't seem to be able to view the HTML status page. Other than that, all seems fine.
Are you using kernel level AX.25 services with aprsd or linux authentication? If so, then yea - I think it does have to be run as root. If not, then no - just chmod o+rw /dev/ttyS0 (or whatever serial port your TNC is on, if you have one...) and run aprsd as any other user.
I think the dependancy on being root for AX.25 is changing or has changed, but I've not kept track of where that stands.
> I've been running an aprsd machine for almost 2 years. The fun is comming to
> an end I believe. Whether is just script kiddies or the real deal, I believe
> I'm the target of some type of attack. I've been getting hundreds of
> SYN_RECV on port 80. I've had to shut down httpd, but I am fearful that it's
> just a symptom of the problem, not the culprit. It's tying up my dsl line
> and taking up cpu time. I've been running AE5PL's javAPRS and some other
> basic boring web pages.
> I run
> I've had trouble finding RPMs for RH6.1 to bring these things up to date.
> I've been checking rpmfind.net and the versions I see listed for 6.1 show
> similar versions to what I have installed. Is 6.1 dead at this point, should
> I give up and go to RH 6.2 or 7.2 or something else? Will aprsd run on 7.2?
> Another thing I noticed, should aprsd be running as root in my "ps -auxw"
> Someone recently told me that 6.1 would be hacked sooner or later. It looks
> it is sooner.
| CARC Repeater 146.940 DN62 |
| http://groups.yahoo.com/group/RM-APRS |
| "The Dungeon" at http://go.to/KC7ZRU |
| AIM - kc7zru BBS http://18.104.22.168/carc/ |