DoS �$B%"%?%C%/$+$i$N�(B LVS �$B$NKI8f@oN,�(B
IPVS �$B$N%P!<%8%g%s$,�(B 0.9.10 �$B0J9_$G$O!"$*8_$$$N?7$7$$%3%M%/%7%g%s�(B
�$B$N>uBV!J?7$7$$%3%M%/%7%g%s$,%j%@%$%l%/%H$5$l$?%5!<%P!<$N$h$&$J$b$N!K$rJ]$D$?$a$K%(%s%H%j!<$,:n$i$l!"�(B128�$B%P%$%H$N8zN(E*$J%a%b%j!<$K$O8_$$$N%(%s%H%j!<$,I,MW$J$N$G%(%s%H%j!<$N%5%$%:$O�(B124�$B%P%$%H$K$J$C$F$$$k!#�(B3�$B$D$NKI8f@oN,$O8=:_�(B Dos �$B967b$N1. �$B%I%m%C%W%(%s%H%j!<%G%#%U%'%s%9�(B
�$B%I%m%C%W%(%s%H%j!<%G%#%U%'%s%9$O?7$7$$%3%M%/%7%g%s$N%a%b%j$r2s<}$9$k$?$a$K!"%3%M%/%7%g%s%O%C%7%e%F!<%V%k$+$i%i%s%@%`$K%(%s%H%j!<$r%I%m%C%W$7$^$9!#8=:_$N%3!<%I$G$O%I%m%C%W%(%s%H%j!<$NuBV$K$"$k%(%s%H%j!<$ruBVA+0\$,�(B IP �$B%Q%1%C%H$N%U%i%0$K$h$C$F7h$a$i$l$k$h$&$K$J$C$F0JMh!"�(BTCP �$B$N%7!<%1%s%9HV9f$,3NG'$5$l$:K\Ev$N�(B TCP �$B>uBVA+0\$G$O$J$+$C$?!#$=$7$F0-0U$N$"$k967b$O�(B SYN �$B%Q%1%C%H$r:n@.$7�(B ACK �$B%Q%1%C%H$rN.$9$3$H$,$G$-$k!#$=$&$9$k$H�(B ESTABLISHED �$B>uBV$K$"$k%(%s%H%j!<$r�(B put �$B$9$k$h$&$K�(B LVS �$B$r$@$^$9$3$H$,$G$-$k!#�(B
ESTABLISHED/UDP �$B>uBV$K$"$k%(%s%H%j!<$G$O!";d$?$A$O>/$7J#;($J%I%m%C%W%a%+%K%:%`$r;H$&!#$b$7:G8e$Ke$J$i$P$d$C$F$/$k%Q%1%C%H$N%(%s%H%j!<%+%&%s%?$r$h$/D4$Y$F$_$k!#�(B
�$B$b$7$d$C$F$/$k$$$/$D$+$N%Q%1%C%H$,�(B8�$B$h$j$bBg$-$+$C$?$i%(%s%H%j!<$O%I%m%C%W$5$l$J$$$G!"$d$C$F$/$k%Q%1%C%H$,�(B2�$B$+$i�(B8�$B$N%(%s%H%j!<$r$a$6$7$F!"$=$N?t$h$j>/$J$$>l9g$O%(%s%H%j!<$r%I%m%C%W$7$^$9!#�(B
�$B$3$NJ}K!$O�(B /proc/sys/net/ipv4/vs/drop_entry �$B$NJQ?t$r�(B sysctl �$B$9$k$3$H$G%3%s%H%m!<%k$7$^$9!#CM$O�(B0�$B$+$i�(B3�$B$^$G$NCM$rl9g$O�(B disable �$B$G�(B1�$B$H�(B2�$B$N>l9g$O!"<+F0%b!<%I!JMxMQ2DG=$J%a%b%j$,==J,$G$J$$;~!"�(Benabled �$B$K$9$k>l9g$O�(B2 �$B!"�(Bdisable �$B$K$9$k>l9g$O�(B1 �$B!K$G�(B3�$B$N>l9g$O$$$D$G$b�(B enabled �$B$H$J$k!#�(B
�$B$b$7%7%9%F%`$,M-8z$J%a%b%j!<$r;}$C$F$$$?$i!";d$?$A$OM-8z$J%a%b%j!<$NogCM$r;H$&$3$H$,$G$-$k!#$3$NogCM$O�(B /proc/sys/net/ipv4/vs/amemthresh �$B$NCM$K$h$C$FJQ$o$j!"$=$l$O%a%b%j!<%Z!<%8%f%K%C%H$NCM$@!#%G%U%)%k%H$G$O�(B1024�$B%Z!<%8$K$J$C$F$$$k!#�(B
2. �$B%I%m%C%W%Q%1%C%H%G%#%U%'%s%9�(B
�$B$b$7�(B LVS �$B$,J,;6$7$?�(B DoS �$B967b$r�$B$3$NJ}K!$O�(B /proc/sys/net/ipv4/vs/drop_packet �$B$NJQ?t$r�(B sysctl �$B$r;H$&$3$H$K$h$C$F%3%s%H%m!<%k$9$k!#CM$NDj5A$O%I%m%C%W%(%s%H%j!<$NCM$HF1$8$G$"$k!#<+F0%b!<%I$G$O3d9g$O
rate = amemthresh / (amemthresh - available_memory)
�$B3d9g�(B = �$BogCM�(B /�$B!JogCM�(B - �$BM-8z%a%b%j!
�$BM-8z$J%a%b%j!<$,M-8z%a%b%j!/$J$$>l9g�(B
3 �$B$N%b!<%I$,@_Dj$5$l$F$$$k>l9g!"%b!<%I$,$$$D$b%I%m%C%W$9$k3d9g$O�(B /proc/sys/net/ipv4/vs/am_droprate �$B$NCM$K$h$C$F%3%s%H%m!<%k$G$-$k!#%G%U%)%k%H$O�(B10�$B$G$"$k!#�(B
3. �$B%;%-%e%"�(BTCP�$B%G%#%U%'%s%9�(B
�$B%;%-%e%"�(BTCP�$B%G%#%U%'%s%9$O$b$C$HJ#;($J>uBVA+0\%F!<%V%k$r;H$$!"8_$$$N>uBV$NC;$$%?%$%`%"%&%H$r;H$&!#�(BNAT �$B$r7PM3$7$?%P!<%A%c%k%5!<%P!<$G$O%j%"%k%5!<%P!<$,%G!<%?$H�(BACK �$B%Q%1%C%H$rAw$j;O$a$k$^$G!J�(B3�$B%&%'%$%O%s%I%7%'!<%/$N8e!K�(BESTABLISHED �$B>uBV$KF~$k$N$rCY$i$;$k!#�(B
�$B$3$NJ}K!$O�(B /proc/sys/net/ipv4/vs/secure_tcp �$B$NJQ?t$r�(B sysctl �$B$r;H$&$3$H$K$h$C$F%3%s%H%m!<%k$G$-$k!#JQ?t$NDj5A$O>e$K$"$k$b$N$HF1$8$G$9!#�(B
�$B%;%-%e%"�(BTCP�$B>uBV$N%?%$%`%"%&%H$O
/proc/sys/net/ipv4/vs/timeout_close
/proc/sys/net/ipv4/vs/timeout_closewait
/proc/sys/net/ipv4/vs/timeout_established
/proc/sys/net/ipv4/vs/timeout_finwait
/proc/sys/net/ipv4/vs/timeout_icmp
/proc/sys/net/ipv4/vs/timeout_lastack
/proc/sys/net/ipv4/vs/timeout_listen
/proc/sys/net/ipv4/vs/timeout_synack
/proc/sys/net/ipv4/vs/timeout_synrecv
/proc/sys/net/ipv4/vs/timeout_synsent
/proc/sys/net/ipv4/vs/timeout_timewait
/proc/sys/net/ipv4/vs/timeout_udp
�$B%;%-%e%"�(BTCP�$B%G%#%U%'%s%9$G$O�(B SYN_RECV �$B>uBV$N�(B10�$BIC$d$=$l0J2<$N$[$H$s$I$J$$%?%$%`%"%&%H$rA&$a$F$$$^$9!#$3$N>uBV$O%;%-%e%"�(B TCP �$B$NJQ?t$,�(B2�$B$+�(B3�$B$K@_Dj$5$l$F$$$k;~$@$1�(B NAT �$B$r7PM3$7$?%P!<%A%c%k%5!<%P!<$K;H$o$l$^$9!#%@%$%l%/%H%k!<%F%#%s%0!"%H%s%M%j%s%0!"%m!<%+%k$N%U%)%o!<%G%#%s%0%a%=%C%I$G$O:G=i$N>uBV$O�(B SYN_ACK �$B$G$9!#�(B
$Id: defense.html,v 1.2 2000/04/10 13:11:32 wensong Exp $
Created on: 2000/4/9