You can also tune your server to avoid slowdown during an attack.

We recommend to set this only if you know what you are doing.

net.ipv4.ip_local_port_range=32768 61000
net.ipv4.tcp_dsack=0
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fack=0
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_intvl=10
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_keepalive_time=30
net.ipv4.tcp_low_latency=1
net.ipv4.tcp_max_orphans=524288
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_retries2=10
net.ipv4.tcp_sack=1
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_syncookies=2
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_window_scaling=1
Was this answer helpful? 2 Users Found This Useful (3 Votes)