摘要:
[color=green:2429209a5b](一)什么是 linux ?什么是操作系统? [/color:2429209a5b]
要了解 linux 之前,就不能不知道什么是操作系统 ( operation system, os ,所以,首先我们来简单的说一说什么是操作系统吧!先来想一想,当我们使用计算机时,屏幕上面显示的咚咚是由哪里来的?嗯!是由显示卡与屏幕显像的;那么你现在可以藉由网络看到这篇文章,则是藉由 internet 、网络卡......
摘要:
我有许多资料是基于7.0的,可是我手中的光盘不能直接引导安装,而我的软驱也坏了.怎么办?我突然想出了一个办法.
vpc不是可以创建虚拟轮盘吗?就创建一个虚拟的吧,应该也能装上.于是,启动vpc,打开"文件"->"虚拟磁盘向导"一会儿就创建了一个虚拟软盘,可是它现在是空白的.
启动我的advance server 2.1,放入不能引导的rh7.0光盘.然后在"软驱"菜单中选择并挂载我刚创建的虚拟软盘.cd /mnt/cdrom/images/......
防止SYN的攻击参数设置
我在一家网站工作,目前我对我所管理的web服务器的防止syn攻击方面做了以下规则:
【相关文章:
【FAQ】RPM软件包使用常见问题】 【扩展阅读:
挖哈哈哈哈哈哈!关于CS服务起的问题解决】iptables -n syn-flood
【扩展信息:
红旗桌面4.0正式版最新使用方法和问题解】 iptables -a input -p tcp --syn -j syn-flood
iptables -i syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j return
iptables -a syn-flood -j reject
sysctl -w net.ipv4.icmp_echo_ignore_all=1
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
但好像效果不是很好,有没有朋友有更好的方法,贴出来看看!另外,在redhat8与redhat9上对tcp会话超时的net.ipv4的参数定义是那个,我想限制tcp会话时间不超过30秒,应该设置那个参数呢?具我所知,微软的这个参数设置的是3秒。
wind521 回复于:2003-09-15 10:06:54
考虑上面加上一个硬件的防火墙
q1208c 回复于:2003-09-15 10:10:59
是不是你写的不对呀?你是怎么知道不好用的呀?别是你试过吧?
q1208c 回复于:2003-09-15 10:24:29
是不是你写的不对呀?你是怎么知道不好用的呀?别是你试过吧?
cgweb 回复于:2003-09-15 11:04:40
说说"效果不是很好"是何表现呀!
frankzh 回复于:2003-09-15 11:27:34
[quote:0c5cee801f="webwanglei"]我在一家网站工作,目前我对我所管理的web服务器的防止syn攻击方面做了以下规则:
iptables -n syn-flood
iptables -a input -p tcp --syn -j syn-flood
iptables -i syn-flood -p tcp -m limit --limit 3/s --li..........[/quote:0c5cee801f]
hardening the tcp/ip stack to syn attacks
most people know how problematic protection against syn denial of service attacks can be. several methods, more or less effective, are usually used. in almost every case proper filtering of packets is a viable solution. in addition to creating packet filters, the modification of the tcp/ip stack of a given operating system can be performed by an administrator. this method, the tuning of the tcp/ip stack in various operating systems, will be described in depth in this article.
while syn attacks may not be entirely preventable, tuning the tcp/ip stack will help reduce the impact of syn attacks while still allowing legitimate client traffic through. it should be noted that some syn attacks do not always attempt to upset servers, but instead try to consume all of the bandwidth of your internet connection. this kind of flood is outside the scope of scope of this article, as is the filtering of packets which has been discussed elsewhere.
what can an administrator do when his servers are under a classic, non-bandwidth flooding syn attack? one of most important steps is to enable the operating systems built-in protection mechanisms like syn cookies or synattackprotect. additionally, in some cases it is worth tuning parameters of the tcp/ip stack. changing the default values of stack variables can be another layer of protection and help better secure your hosts. in this paper i will concentrate on:
increasing the queue of half-open connections (in the syn received state).
decreasing the time period of keeping a pending connection in the syn received state in the queue. this method is accomplished by decreasing the time of the first packet retransmission and by either decreasing the number of packet retransmissions or by turning off packet retransmissions entirely. the process of packet retransmissions is performed by a server when it doesnt receive an ack packet from a client. a packet with the ack flag finalizes the process of the three-way handshake.
...
下一页 摘要:
up
采用多台服务器装squid做代理服务器阵列,要求,squid阵列对客户端而言相当于一台squid代理。具体怎么设置有做过的高手吗?请指点一二。另外,欢迎大家讨论。
tsgm 回复于:2003-09-03 20:54:36
[quote:4ca44f0df9="nbpanda"]可以使用一些三层交换机的负载均衡功能(ip 策略),我单位的网络就是这样做的。
也可以使用dns 的轮寻来做,不过效果不是很好。
......
