
Re: netbase 3.16-10 and TCP SYN cookies being enabled by default



Bernd Eckenfels wrote:
>On Sat, Feb 12, 2000 at 12:26:30PM -0600, David Starner wrote:
>> Maybe I don't understand here. If you enable syncookies in the kernel,
>> why would you not want to use them?  Or are they compiled into the default
>> kernels?
>
>Because the kernel is turning them on automatically if (and only if) the
>kernel recognizes a SYN Attack ("possible SYN flooding on port %d. Sending
>cookies.").

My reading of the code is a little different: the kernel only uses them if 
it thinks it may be under attack, but for that to happen they need to have 
been previously enabled using sysctl.  So it would seem sensible for netbase 
to do this at boot time.

The code is in tcp_ipv4.c::tcp_v4_conn_request.

p.
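
The behaviour described in this message, as an added example that is not part of the original post or of netbase: a shell function that reports whether SYN cookies are switched off, enabled but idle, or have actually been sent, using the sysctl value and the kernel log message quoted above. The function name, the file arguments and the sample log lines are constructed for illustration; on a live Linux host the sysctl value is read from /proc/sys/net/ipv4/tcp_syncookies.

```shell
#!/bin/sh
# Added example. Reports SYN cookie status following the post's reading:
# cookies are sent only if the sysctl is on AND the kernel suspects a flood.

# syncookie_state SYSCTL_FILE KERNEL_LOG
# Prints "disabled", "armed" (on, never triggered) or "active <ports...>".
syncookie_state() {
    sysctl_file=$1
    klog=$2
    enabled=
    # An unreadable or missing file is treated as "not enabled".
    if [ -r "$sysctl_file" ]; then
        enabled=$(tr -d '[:space:]' < "$sysctl_file")
    fi
    if [ -z "$enabled" ] || [ "$enabled" = "0" ]; then
        echo disabled
        return 0
    fi
    # Ports for which the kernel logged the message quoted in the thread.
    ports=$(sed -n 's/.*[Pp]ossible SYN flooding on port \([0-9][0-9]*\)\. Sending cookies.*/\1/p' \
        "$klog" 2>/dev/null | sort -un | tr '\n' ' ')
    ports=${ports% }
    if [ -z "$ports" ]; then echo armed; else echo "active $ports"; fi
}

# Constructed sample input (not real logs or a real host's settings).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '1\n' > "$sample_dir/on"
printf '0\n' > "$sample_dir/off"
: > "$sample_dir/quiet"
cat > "$sample_dir/klog" <<'EOF'
Feb 12 18:40:01 host kernel: possible SYN flooding on port 80. Sending cookies.
Feb 12 18:40:09 host kernel: eth0: link up
Feb 12 18:41:02 host kernel: possible SYN flooding on port 25. Sending cookies.
Feb 12 18:41:30 host kernel: possible SYN flooding on port 80. Sending cookies.
EOF

syncookie_state "$sample_dir/on"  "$sample_dir/klog"
syncookie_state "$sample_dir/on"  "$sample_dir/quiet"
syncookie_state "$sample_dir/off" "$sample_dir/klog"
```

A result of "disabled" on a host that sees SYN floods is the case the message argues netbase should prevent by setting the sysctl at boot.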


