echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 45 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_recv
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
I tried to use these common values to help deter a SYN flood from occurring. SYN cookies challenge the other party, while you change the default syn_recv timing from 60 seconds to 45 seconds, which would also be the equivalent of 3 tcp_synack_retries.
Last but not least, reuse that old TIME_WAIT port. 🙂
This dirty last-ditch modification to the kernel will force-close connections after so many seconds. The default is 60.
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
This will tell everyone that you have 30 seconds to finish or else I will drop your connection. This is good in a pinch, but I do not recommend running this at all times.
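To confirm that the SYN-flood values set at the top of this post actually took effect, this added example (not from the original post) reads each key back and compares it. The function name and its optional root-directory argument are assumptions of the example; a key that does not exist is reported as MISSING, which is the case for tcp_tw_recycle on kernels 4.12 and later (where it was removed) and for the nf_conntrack key when the conntrack module is not loaded.

```shell
#!/bin/sh
# Added example: audit the SYN-flood sysctls against the values the post sets.
# Usage: audit_syn_settings            (checks the live /proc/sys)
#        audit_syn_settings /some/dir  (checks a copy; assumption of this example)

# key=expected pairs, taken from the echo lines at the top of the post
SYN_SETTINGS="net/ipv4/tcp_syncookies=1
net/netfilter/nf_conntrack_tcp_timeout_syn_recv=45
net/ipv4/tcp_synack_retries=3
net/ipv4/conf/all/rp_filter=1
net/ipv4/tcp_tw_recycle=1"

# Prints one line per key (OK / DIFF / MISSING).
# Returns the number of keys that exist but hold a different value.
audit_syn_settings() {
    root="${1:-/proc/sys}"
    bad=0
    for pair in $SYN_SETTINGS; do
        key="${pair%%=*}"      # text before the first '='
        want="${pair#*=}"      # text after the first '='
        file="$root/$key"
        if [ ! -r "$file" ]; then
            # Key absent on this kernel or module not loaded: report, don't fail
            echo "MISSING $key"
            continue
        fi
        have="$(cat "$file")"
        if [ "$have" = "$want" ]; then
            echo "OK $key=$have"
        else
            echo "DIFF $key=$have want=$want"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Values written with echo into /proc/sys do not survive a reboot, so a DIFF after a restart usually means the setting was never persisted.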
whmapi1 configureservice service=httpd enabled=0 monitored=0
After researching what could cause an instant kernel panic with no documentation or messages in kdump, I found that if you manually execute the following code
(warning: will cause system disruption, I am not held responsible for your copy and pasting)
echo c > /proc/sysrq-trigger
More information regarding this can be found on the Old Internet Archives at https://web.archive.org/web/20160816230132/https://www.kernel.org/doc/Documentation/sysrq.txt
Ahh, do I remember the days when getting on Google required you to use a third-party, strange-looking URL. Sometimes it was hard to actually make it onto Google. SEO submission was very hard. The days of META keywords and tags.
Well, no more! Google allows you to submit your “Domain Property” or websites via the Google Search Console:
Need to execute a set of commands in a loop, non-stop?
while true; do killall -9 program; sleep 3; done
This will tell your Linux O/S to run killall -9, sleep for 3 seconds, and start it again. This is great if you don’t have access to a crontab or just need it for a quick fix.
Do you need to check the zone file syntax via the command line after making a change? You can run the following:
named-checkzone domain.com /var/named/domain.com.db
Results should be similar to
zone domain.com/IN: loaded serial 20190xxxxx
Ever need to stop traffic from or to an IP address fast? Blackhole it?
ip route add blackhole x.x.x.x