SOLVED: How to disable tcp-keepalive persistently in Debian?

Questions and discussion about web design, search engine optimisation and hosting
s
Posts: 344
Joined: 2017-7-5 09:58

Unread post by s » 2025-6-8 05:39

A horde of spam bots tried to register, post and reply to topics on this forum. The result resembled a DDoS attack consuming an excessive amount of CPU cycles and network traffic. One of the side-effects reminded me of the Slowloris cyber attack, where the attacker floods the target web server with unfinished requests and tries to keep them open as long as possible. Web servers' keepalive settings and TCP keepalive enable the attack. My webserver was not particularly affected by that but the OS was. Or more precisely MariaDB, which turned on the TCP keepalive that is normally disabled in Debian. If you are running MariaDB locally and without any network connections, enabling TCP keepalive for it makes no sense.

WARNING: SSHD uses but does not require TCP keepalive

If you disable tcp-keepalive, ssh will disconnect immediately. Unless you have physical access to your server or a recovery console, you will not be able to re-connect using ssh. SSHD does not need TCP keepalive to keep the connections alive although it is enabled by default.

You can remove the TCP keepalive dependency by adding to your SSHD config

    sudo nano /etc/ssh/sshd_config

this line

    TCPKeepAlive no

and then reloading the configuration

    sudo systemctl reload sshd

Make sure to do this before you disable TCP keepalive.

How to turn TCP keepalive off completely and permanently in Debian?

Before disabling TCP keepalive you must check carefully if there is any software that requires it.

To disable TCP keepalive you need to add settings to your sysctl configuration file to make the configuration persistent:

    sudo nano /etc/sysctl.conf

Add to the file the following lines:

    net.ipv4.tcp_keepalive_time=0
    net.ipv4.tcp_keepalive_intvl=0
    net.ipv4.tcp_keepalive_probes=0

Load the new settings so that they take effect:

    sudo sysctl -p

To learn the specifics of how TCP keepalive works and what this configuration means, read the TCP Keepalive HOWTO.

Happy hacking,

s
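The post says to check which software relies on TCP keepalive before turning it off. One way to do that is to look for established sockets that currently have a keepalive timer armed, which `ss -tnop` reports in its last column. The script below is an added example, not part of the post above; it parses a constructed sample of `ss -tnop state established` output (the process names, pids and addresses in it are made up) and prints the owning process of every socket whose timer is a keepalive.

```shell
#!/bin/sh
# Constructed sample of `ss -tnop state established` output (no State column
# when a state filter is given). Real usage: keepalive_sockets "$(ss -tnop state established)"
SAMPLE='Recv-Q Send-Q Local Address:Port Peer Address:Port Process
0      0      127.0.0.1:3306     127.0.0.1:51234   users:(("mariadbd",pid=812,fd=33)) timer:(keepalive,118min,0)
0      0      10.0.0.5:22        10.0.0.9:50122    users:(("sshd",pid=1201,fd=4)) timer:(keepalive,7192ms,0)
0      0      10.0.0.5:443       203.0.113.7:4455  users:(("nginx",pid=990,fd=12))'

# keepalive_sockets: for each line of ss output carrying a keepalive timer,
# print "<process> <pid> <local addr:port> <peer addr:port>".
# $1 is the ss output as text.
keepalive_sockets() {
  printf '%s\n' "$1" | awk '
    /timer:\(keepalive/ {
      # Pull the first ("name",pid=N) entry out of the users:(...) column.
      match($0, /\("[^"]+",pid=[0-9]+/)
      entry = substr($0, RSTART + 2, RLENGTH - 2)   # e.g. mariadbd",pid=812
      split(entry, parts, "\",pid=")
      print parts[1], parts[2], $3, $4
    }'
}

# keepalive_count: number of established sockets with keepalive armed.
keepalive_count() {
  keepalive_sockets "$1" | wc -l | tr -d ' '
}

# Demo on the constructed sample: lists mariadbd and sshd, not nginx.
keepalive_sockets "$SAMPLE"
echo "sockets with keepalive armed: $(keepalive_count "$SAMPLE")"
```

Any process listed here (sshd in particular, as the warning above explains) will have its connections aborted once the sysctl settings take effect, so reconfigure or stop it first.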