Marcel Prisi [EMAIL PROTECTED] wrote:
>
> I read some old threads about too small tcp.sendspace / tcp.recvspace in
> 3.4 time that used to hit performance so I thought it would be useful.
>

These settings only affect TCP sessions that connect directly to that system. In other words, they don't do anything on a router.

> The others were about DOS prevention.
>

If the box isn't completely livelocked, you can use tcpdump to figure out which IPs you need your upstream to block traffic from or to in the event of a DoS. If you're lucky, most of the traffic will either come from one network or most of it will go to a small number of IP addresses on your side. If your upstream provider blocks that traffic, then your pipe isn't full anymore. If you're not lucky, you're screwed, and you need to have more bandwidth than your attacker to sustain an attack.
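
An added example, not part of the original post: one way to turn `tcpdump -n` output into the block-list decision described above, by counting packets per source network and per destination IP and reporting whether a few entries carry most of the traffic. The /24 grouping, the 80% threshold, the function names and the sample lines are assumptions chosen for illustration.

```python
import re
import sys
from collections import Counter
from ipaddress import ip_network

# "src[.port] > dst[.port]:" from `tcpdump -n`, with or without a leading "IP".
PAIR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > "
                  r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?:")

def summarize(lines, prefix=24):
    """Count packets per source network (/prefix) and per destination IP."""
    src_nets, dsts = Counter(), Counter()
    for line in lines:
        m = PAIR.search(line)
        if not m:
            continue  # ARP, IPv6, hex dump lines, ...
        try:
            net = ip_network(f"{m.group(1)}/{prefix}", strict=False)
        except ValueError:
            continue  # mangled line, e.g. an octet above 255
        src_nets[str(net)] += 1
        dsts[m.group(2)] += 1
    return src_nets, dsts

def concentrated(counter, share=0.8, max_entries=3):
    """Top entries that together reach `share` of all packets, or [] when
    even the top max_entries do not (the traffic is spread out)."""
    total = sum(counter.values())
    picked, covered = [], 0
    for key, n in counter.most_common(max_entries):
        picked.append(key)
        covered += n
        if covered >= share * total:
            return picked
    return []

# Constructed sample capture (documentation address ranges), not real traffic.
SAMPLE = [f"12:00:0{i}.000001 IP 203.0.113.{i + 1}.4000{i} > 192.0.2.10.80: "
          "Flags [S], length 0" for i in range(9)] + [
    "12:00:09.000001 198.51.100.7.51000 > 192.0.2.25.25: S 1:1(0) win 16384",
    "12:00:09.100001 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, length 64",
    "12:00:09.200001 arp who-has 192.0.2.1 tell 192.0.2.10",
]

if __name__ == "__main__":
    nets, dsts = summarize(SAMPLE if sys.stdin.isatty() else sys.stdin)
    print("block by source network:", concentrated(nets) or "too spread out")
    print("block by destination IP:", concentrated(dsts) or "too spread out")
```

To run it on live traffic, pipe in something like `tcpdump -n -c 20000 -i em0`, where `em0` is a placeholder interface name; with no pipe it falls back to the constructed sample.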