Re: tcp_syncookie
On Fri, Oct 06, 2000 at 05:27:44PM -0200, Henrique M Holschuh wrote:
> Because it causes problems, and even the kernel people who designed it think
> it is best to leave the thing disabled by default (which IS the reason why
> it is not enabled by default).
linux-2.4.0-test4/Documentation/networking/ip-sysctl.txt:
syncookies seriously violate TCP protocol, do not allow
to use TCP extensions, can result in serious degradation
of some services (f.e. SMTP relaying), visible not by you,
but your clients and relays, contacting you. While you see
synflood warnings in logs not being really flooded, your server
is seriously misconfigured.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!