Verify that your VMware appliance host machines use IPv4 TCP Syncookies.
A TCP SYN flood attack might cause a denial of service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies prevent tracking a connection until receipt of a subsequent ACK, verifying that the initiator is attempting a valid connection and is not a flood source. This technique does not operate in a fully standards-compliant manner, but is only activated during a flood condition, and allows defence of the system while continuing to service valid requests.
- Run the # cat /proc/sys/net/ipv4/tcp_syncookies command on the VMware appliance host machines to verify that they use IPv4 TCP Syncookies.
If the host machines are configured to deny IPv4 forwarding, this command will return a value of 1 for
/proc/sys/net/ipv4/tcp_syncookies. If the virtual machines are configured correctly, no further action is necessary.
- If you need to configure a virtual appliance to use IPv4 TCP Syncookies, open the /etc/sysctl.conf in a text editor.
- Locate the entry that reads
If the value for this entry is not currently set to one or if it does not exist, add the entry or update the existing entry accordingly.
- Save any changes you made and close the file.