
Re: netbase 3.16-10 and TCP SYN cookies being enabled by default



On Sat, Feb 12, 2000 at 12:26:30PM -0600, David Starner wrote:
> Maybe I don't understand here. If you enable syncookies in the kernel,
> why would you not want to use them?  Or are they compiled into the default
> kernels?

Because the kernel is turning them on automatically if (and only if) the
kernel recognizes a SYN Attack ("possible SYN flooding on port %d. Sending
cookies.").

We should not overwrite kernel defaults without good reason or without
asking the user about it. Especially not if it makes no sense and breaks
communication.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

