
Re: netbase 3.16-10 and TCP SYN cookies being enabled by default



Michael Stone wrote:
>On Sun, Feb 13, 2000 at 06:11:58PM +0000, Philip Blundell wrote:
>> My reading of the code is a little different: the kernel only uses them if 
>> it thinks it may be under attack, but for that to happen they need to have 
>> been previously enabled using sysctl.  So it would seem sensible for 
>> netbase to do this at boot time.
>
>If the kernel developers don't want it enabled by default, what is your
>reason to second guess them?

The kernel default is just that, a default.  I've seen no evidence that the 
kernel developers actively want syncookies to be disabled at bootup.

In any case, whether or not to enable any particular feature is a matter of 
policy, and Debian is perfectly entitled (and qualified) to make that call.
Personally, I'd enable syncookies, but I don't have any particularly strong 
feelings either way on the matter; the point of my original post was to 
correct a misconception about the technical issues at hand.

p.


