As a security best practice, configure a default TCP backlog queue size on VMware appliance host machines. To mitigate TCP denial of service attacks, set an appropriate default size for the TCP backlog queue. The recommended default setting is 1280.

Procedure

  1. Run the # cat /proc/sys/net/ipv4/tcp_max_syn_backlog command on each VMware appliance host machine.
  2. Set the queue size for TCP backlog.
    1. Open the /etc/sysctl.conf file in a text editor.
    2. Set the default TCP backlog queue size by adding the following entry to the file.
      net.ipv4.tcp_max_syn_backlog=1280
    3. Save your changes and close the file.
    4. Run # sysctl -p to apply the configuration.
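
The procedure above as a script, added here as an example and not part of the original VMware documentation. It checks that both the running value and the entry persisted in /etc/sysctl.conf equal 1280, since the two can differ until sysctl -p is run. The function names and the --audit/--fix arguments are hypothetical, and the script assumes the setting lives only in /etc/sysctl.conf, as on this page.

```shell
#!/bin/sh
# Added example: audit and persist net.ipv4.tcp_max_syn_backlog (function names are hypothetical).
KEY="net.ipv4.tcp_max_syn_backlog"
WANT=1280

# Print the effective value of KEY in a sysctl.conf-style file: the last
# uncommented entry wins, whitespace around '=' is ignored. Empty if absent.
conf_value() {
    awk -F= -v key="$KEY" '
        /^[[:space:]]*[#;]/ { next }
        { k = $1; v = $2
          gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
          if (k == key) last = v }
        END { if (last != "") print last }' "$1"
}

# Make the file carry KEY=WANT: rewrite every existing entry, or append one.
set_conf_value() {
    conf=$1
    if [ -n "$(conf_value "$conf")" ]; then
        tmp=$(mktemp) || return 1
        awk -F= -v key="$KEY" -v want="$WANT" '
            { k = $1; gsub(/[[:space:]]/, "", k) }
            k == key { print key "=" want; next }
            { print }' "$conf" > "$tmp" && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf '%s=%s\n' "$KEY" "$WANT" >> "$conf"
    fi
}

# Succeed only if the running value ($1, a /proc path) and the persisted
# value ($2, a sysctl.conf path) both equal WANT.
audit() {
    running=$(cat "$1" 2>/dev/null || true)
    persisted=$(conf_value "$2")
    [ "$running" = "$WANT" ] && [ "$persisted" = "$WANT" ]
}

# With no argument the script only defines the functions above.
case "${1:-}" in
    --audit) audit /proc/sys/net/ipv4/tcp_max_syn_backlog /etc/sysctl.conf \
                 && echo "compliant" || echo "NOT compliant" ;;
    --fix)   set_conf_value /etc/sysctl.conf && sysctl -p ;;
esac
```

Run with --audit on each appliance host to report compliance, or with --fix as root to persist the entry and reload it.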