Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Alibaba Cloud Linux 3
System Settings
Kernel Configuration
Enable TCP/IP syncookie support
Enable TCP/IP syncookie support
An XCCDF Rule
Details
Profiles
Prose
Enable TCP/IP syncookie support
Medium Severity
Normal TCP/IP networking is open to an attack known as SYN flooding. It is denial-of-service attack that prevents legitimate remote users from being able to connect to your computer during an ongoing attack. When enabled the TCP/IP stack will use a cryptographic challenge protocol known as SYN cookies to enable legitimate users to continue to connect, even when your machine is under attack. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_SYN_COOKIES
, run the following command:
grep CONFIG_SYN_COOKIES /boot/config-*
For each kernel installed, a line with value "y" should be returned.