To provide some level of defense against malicious attacks, configure a default TCP backlog queue size on VMware appliance host machines.

About this task

Set the TCP backlog queue size to an appropriate default to mitigate TCP denial of service attacks. The recommended default setting is 1280.

Procedure

  1. Run the following command on each VMware appliance host machine to display the current TCP backlog queue size.

    # cat /proc/sys/net/ipv4/tcp_max_syn_backlog

  2. Open the /etc/sysctl.conf file in a text editor.
  3. Set the default TCP backlog queue size by adding the following entry to the file.

    net.ipv4.tcp_max_syn_backlog=1280

  4. Save your changes and close the file.
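
The procedure above can be scripted so the entry is checked and written the same way on every host. The following is an added example, not VMware's own tooling; the function names `configured_value` and `ensure_value` are hypothetical, and the demo runs against a constructed sample file rather than /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example: audit and set the SYN backlog entry in a sysctl file.
KEY='net.ipv4.tcp_max_syn_backlog'
KEY_RE='net\.ipv4\.tcp_max_syn_backlog'          # dots escaped for grep/sed
ASSIGN_RE="^[[:space:]]*${KEY_RE}[[:space:]]*="  # uncommented assignment
WANT=1280                                        # recommended default from this page

# Print the value the file would apply (last uncommented assignment wins);
# prints nothing when the key is absent or only appears in comments.
configured_value() {
    sed -n "s/${ASSIGN_RE}[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Leave exactly one assignment with the wanted value. Stale or duplicate
# assignments are dropped; comments and other keys are kept as they are.
ensure_value() {
    file=$1; want=${2:-$WANT}
    count=$(grep -c "$ASSIGN_RE" "$file" || true)
    if [ "$count" = 1 ] && [ "$(configured_value "$file")" = "$want" ]; then
        return 0                                 # already compliant, no rewrite
    fi
    tmp=$(mktemp) || return 1
    grep -v "$ASSIGN_RE" "$file" > "$tmp" || true
    printf '%s=%s\n' "$KEY" "$want" >> "$tmp"
    cat "$tmp" > "$file"                         # keeps the file's owner and mode
    rm -f "$tmp"
}

# Demo on a constructed sample file (not a real appliance's sysctl.conf).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# kernel tuning
#net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.tcp_syncookies=1
EOF
echo "configured before: $(configured_value "$demo")"
ensure_value "$demo"
echo "configured after:  $(configured_value "$demo")"
rm -f "$demo"
```

Editing the file does not change the value the running kernel reports in /proc/sys/net/ipv4/tcp_max_syn_backlog; the entry takes effect when the settings are reloaded (for example with `sysctl -p`) or at the next boot.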