Cheat Sheets

Network - SYN flooding

Description

Ensures that SYN cookies are enabled and SYN backlog is configured on hosts with dmesg reporting SYN flood

Check Script: network-tcp-max-syn-backlog.sh

#!/bin/bash

logged=$(/bin/dmesg | /bin/grep -i 'possible SYN flooding' | /usr/bin/tail -10) if [ "$logged" != "" ]; then if [[ $(/sbin/sysctl -n net.ipv4.tcp_syncookies 2>/dev/null) == 0 ]]; then result_warning "SYN flood warning in dmesg and net.ipv4.tcp_syncookies is not enabled." else result_warning "$logged" fi if [[ $(/sbin/sysctl -n net.ipv4.tcp_max_syn_backlog 2>/dev/null) -gt 1024 ]]; then result_failed "SYN flood warning in dmesg and net.ipv4.tcp_max_syn_backlog <= 1024." fi fi
Comment on Disqus