Information
The clean_partial_conns parameter determines whether the system is protected against SYN flood attacks. When enabled, it clears down connections that remain in the SYN RECEIVED (half-open) state after a set period of time. This limits the effect of a denial-of-service attack in which an attacker floods the system with packets that have the SYN flag set.
Rationale:
The clean_partial_conns parameter will be set to 1, so that pending SYN received connections are cleared down after a set period of time rather than accumulating in the listen queue.
Solution
In /etc/tunables/nextboot, add the clean_partial_conns entry:
no -p -o clean_partial_conns=1
The -p flag applies the change to the running system and makes it permanent by adding the entry to /etc/tunables/nextboot.
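The following audit script is an added example and is not part of the benchmark text. It checks both halves of the remediation above: that clean_partial_conns is persisted in the /etc/tunables/nextboot stanza file and that the running value reported by no is also 1. The nextboot stanza layout (a "no:" stanza followed by indented name = "value" lines) and the "name = value" shape of the no -o output are the formats the script assumes; because the no command exists only on AIX, the script runs here against constructed sample input, and a practitioner would substitute the real file and the real command output.

```sh
#!/bin/sh
# Added example: audit clean_partial_conns from an AIX-style nextboot stanza
# file and from "no -o clean_partial_conns" style output. The input below is
# constructed so the script runs offline; on AIX use /etc/tunables/nextboot
# and the output of "no -o clean_partial_conns".

# Print the persisted value of a tunable from a nextboot stanza file.
# Assumed layout:   no:
#                       clean_partial_conns = "1"
# Only the "no:" stanza is consulted; nothing is printed if the entry is absent.
nextboot_value() {
    file=$1; tunable=$2
    awk -v t="$tunable" '
        /^[a-z]+:/ { stanza = $1 }               # track the current stanza (no:, vmo:, ...)
        stanza == "no:" && $1 == t && $2 == "=" {
            v = $3; gsub(/"/, "", v); print v; exit
        }' "$file"
}

# Print the running value from "no -o <tunable>" output ("clean_partial_conns = 1").
runtime_value() {
    printf '%s\n' "$1" | awk -v t="$2" '$1 == t && $2 == "=" { print $3; exit }'
}

# Pass (return 0) only when the persisted and the running value are both 1,
# i.e. the setting survives a reboot and is active now. A missing entry
# counts as the default of 0 and therefore fails.
check_clean_partial_conns() {
    file=$1; no_output=$2
    persisted=$(nextboot_value "$file" clean_partial_conns)
    running=$(runtime_value "$no_output" clean_partial_conns)
    [ "${persisted:-0}" = "1" ] && [ "${running:-0}" = "1" ]
}

# Stand-alone demonstration on constructed data (not a real host's file).
sample=$(mktemp)
printf 'no:\n\tclean_partial_conns = "1"\n\ttcp_pmtu_discover = "0"\n' > "$sample"
if check_clean_partial_conns "$sample" "clean_partial_conns = 1"; then
    echo "PASS: clean_partial_conns is 1 in nextboot and at runtime"
else
    echo "FAIL: clean_partial_conns is not enabled persistently and at runtime"
fi
rm -f "$sample"
```

The check deliberately fails when the value is persisted but not yet active (or the reverse), since either state means the system is exposed until the two agree; that is the gap the -p flag in the remediation closes.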
Default Value:
0