Re: netbase 3.16-10 and TCP SYN cookies being enabled by default
Michael Stone wrote:
>On Sun, Feb 13, 2000 at 06:11:58PM +0000, Philip Blundell wrote:
>> My reading of the code is a little different: the kernel only uses them if
>> it thinks it may be under attack, but for that to happen they need to have
>> been previously enabled using sysctl. So it would seem sensible for
>> netbase to do this at boot time.
>
>If the kernel developers don't want it enabled by default, what is your
>reason to second guess them?
The kernel default is just that, a default. I've seen no evidence that the
kernel developers actively want syncookies to be disabled at bootup.

In any case, whether or not to enable any particular feature is a matter of
policy, and Debian is perfectly entitled (and qualified) to make that call.

Personally, I'd enable syncookies, but I don't have any particularly strong
feelings either way on the matter; the point of my original post was to
correct a misconception about the technical issues at hand.
p.