Make sure that the system is configured to limit the maximal rate for sending
duplicate acknowledgments in response to incoming TCP packets that are for
an existing connection but that are invalid due to any of these reasons:
(a) out-of-window sequence number, (b) out-of-window acknowledgment number,
or (c) PAWS (Protection Against Wrapped Sequence numbers) check failure.
This measure protects against or limits the effects of DoS attacks against the system.
Set the system to implement rate-limiting measures by adding the following line to
/etc/sysctl.conf or a configuration file in the /etc/sysctl.d/ directory
(or modify the line to have the required value):
net.ipv4.tcp_invalid_ratelimit =
Issue the following command to make the changes take effect:
# sysctl --system
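
One way to verify the result afterwards, as an added example that is not part of the original guidance: the script compares the persistent setting and the running kernel value against a required value passed as an argument. The function names, the override for the /proc path, and reading only the two locations named above (with later files overriding earlier ones) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit net.ipv4.tcp_invalid_ratelimit.
KEY='net.ipv4.tcp_invalid_ratelimit'

# Print the last value assigned to KEY across the given files, in the order
# given (later assignments override earlier ones). Comment lines are skipped;
# a leading "-" and the slash-separated key form are accepted.
persistent_value() {
    for f in "$@"; do
        # The extra echo guards against files without a trailing newline.
        if [ -r "$f" ]; then cat "$f"; echo; fi
    done | awk -F= -v key="$KEY" '
        /^[[:space:]]*[#;]/ { next }
        {
            k = $1; gsub(/[[:space:]]/, "", k); sub(/^-/, "", k); gsub("/", ".", k)
            v = $2; gsub(/[[:space:]]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }'
}

# Print the value the running kernel uses. The path argument is a hypothetical
# override so the function can be exercised against a constructed file.
runtime_value() {
    cat "${1:-/proc/sys/net/ipv4/tcp_invalid_ratelimit}" 2>/dev/null
}

# audit REQUIRED PROC_FILE CONFIG_FILE...
# Returns 0 when the persistent and running values both equal REQUIRED,
# 1 when the persistent setting is missing or wrong, and 2 when only the
# running kernel differs (for example, sysctl --system has not been run).
audit() {
    required=$1; proc=$2; shift 2
    configured=$(persistent_value "$@")
    running=$(runtime_value "$proc") || running=''
    if [ "$configured" != "$required" ]; then
        echo "FAIL: persistent value '${configured:-unset}', required '$required'"
        return 1
    fi
    if [ "$running" != "$required" ]; then
        echo "WARN: running value '${running:-unknown}', required '$required'"
        return 2
    fi
    echo "PASS: $KEY = $required (persistent and running)"
}

# Typical call on a live system, with REQUIRED taken from your policy:
#   audit "$REQUIRED" "" /etc/sysctl.d/*.conf /etc/sysctl.conf
```

Exit status 2 separates a correct configuration file that has not been loaded yet from a missing or wrong persistent setting, which matters when the check runs before the next reboot.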