How to Set Maximum Number of Incomplete TCP Connections - Securing the Network in Oracle® Solaris 11.2

Securing the Network in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing the Network in Oracle^® ... » Tuning Your Network » Tuning the Network » How to Set Maximum Number of Incomplete TCP ...

Updated: August 2014

Securing the Network in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Using Link Protection in Virtualized Environments

Chapter 2 Tuning Your Network

Tuning the Network

How to Disable the Network Routing Daemon

How to Disable Broadcast Packet Forwarding

How to Disable Responses to Echo Requests

How to Set Strict Multihoming

How to Set Maximum Number of Incomplete TCP Connections

How to Set Maximum Number of Pending TCP Connections

How to Specify a Strong Random Number for Initial TCP Connection

How to Prevent ICMP Redirects

How to Reset Network Parameters to Secure Values

Chapter 3 Web Servers and the Secure Sockets Layer Protocol

Chapter 4 About IP Filter in Oracle Solaris

Chapter 5 Configuring IP Filter

Chapter 6 About IP Security Architecture

Chapter 7 Configuring IPsec

Chapter 8 About Internet Key Exchange

Chapter 9 Configuring IKEv2

Chapter 10 Configuring IKEv1

Chapter 11 Troubleshooting IPsec and Its Key Management Services

Chapter 12 IPsec and Key Management Reference

Network Security Glossary

Language:

How to Set Maximum Number of Incomplete TCP Connections

Use this procedure to prevent denial of service (DOS) attacks by controlling the number of pending connections that are incomplete.

Before You Begin

You must become an administrator who is assigned the Network Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Set the maximum number of incoming connections.
```
# ipadm set-prop -p _conn_req_max_q0=4096 tcp
```

Verify the current value.

# ipadm show-prop -p _conn_req_max_q0 tcp
PROTO  PROPERTY         PERM CURRENT   PERSISTENT   DEFAULT   POSSIBLE
tcp   _conn_req_max_q0  rw   4096      --           128       1-4294967295

See also

For more information, see _conn_req_max_q0 in Oracle Solaris 11.2 Tunable Parameters Reference Manual and the ipadm(1M) man page.

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices