Re: tcp_syncookie

To: Henrique M Holschuh <hmh+debianml@rcm.org.br>
Cc: Andreas Schuldei <andreas@schuldei.org>, debian-devel@lists.debian.org
Subject: Re: tcp_syncookie
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Mon, 9 Oct 2000 01:55:38 +0200
Message-id: <20001009015538.A12419@lina.inka.de>
In-reply-to: <20001006172744.A8083@godzillah>; from hmh+debianml@rcm.org.br on Fri, Oct 06, 2000 at 05:27:44PM -0200
References: <20001006171255.A9661@sigrid.schuldei.com> <20001006172744.A8083@godzillah>

On Fri, Oct 06, 2000 at 05:27:44PM -0200, Henrique M Holschuh wrote:
> Because it causes problems, and even the kernel people who designed it think
> it is best to leave the thing disabled by default (which IS the reason why
> it is not enabled by default).

linux-2.4.0-test4/Documentation/networking/ip-sysctl.txt:

        syncookies seriously violate TCP protocol, do not allow
        to use TCP extensions, can result in serious degradation
        of some services (f.e. SMTP relaying), visible not by you,
        but your clients and relays, contacting you. While you see
        synflood warnings in logs not being really flooded, your server
        is seriously misconfigured.

Greetings
Bernd

-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

References:
- tcp_syncookie
  - From: Andreas Schuldei <andreas@schuldei.org>
- Re: tcp_syncookie
  - From: Henrique M Holschuh <hmh+debianml@rcm.org.br>

Prev by Date: Bug Tags
Next by Date: Re: ITP: fdclone
Previous by thread: Re: tcp_syncookie
Next by thread: Debian/ARM on the iPAQ mini-HOWTO
Index(es):
- Date
- Thread