--On Wednesday, May 04, 2005 11:35 PM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
I will note that this advisory is from 1996, so I'm not sure how much
the
SYN flood issue applies... Given the rather large targets painted on
Stanford's servers, if it were an issue I'm fairly certain we'd have
seen
it before.
The ndd parameter listed has also changed names since the advisory was
written. It is:
tcp_conn_req_max_q
now.
I personally tune my ndd settings already, although my
tcp_conn_req_max_q
is only 1024. I'm somewhat curious about the adb line, and if that has
changed somewhat since then.
Reading Sun's current documentation notes that
tcp_conn_req_max_q
should be less than
tcp_conn_req_max_q0
which is what replaces the adb line in modern Solaris.
See <http://docs.sun.com/app/docs/doc/817-1759/6mhfh76h3?a=view>
It looks like setting:
tcp_conn_req_max_q0 to 10240 may help resolve issues, along with
increasing
tcp_conn_req_max_q
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin