
Re: tcp_syncookie

On Fri, Oct 06, 2000 at 05:27:44PM -0200, Henrique M Holschuh wrote:
> Because it causes problems, and even the kernel people who designed it think
> it is best to leave the thing disabled by default (which IS the reason why
> it is not enabled by default).


        syncookies seriously violate TCP protocol, do not allow
        to use TCP extensions, can result in serious degradation
        of some services (f.e. SMTP relaying), visible not by you,
        but your clients and relays, contacting you. While you see
        synflood warnings in logs not being really flooded, your server
        is seriously misconfigured.


  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
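
Added example, not part of the original message or of the kernel source: a simplified SYN cookie in Python showing why, as the quoted text says, TCP extensions cannot be used once cookies are sent. The layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), the secret, the MSS table, the sample flow and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real stack would use a random key
MSS_TABLE = [216, 536, 768, 996, 1220, 1300, 1440, 1460]  # constructed, 8 entries = 3 bits


def _mac24(flow, counter):
    """24-bit keyed hash over (src ip, src port, dst ip, dst port) and a time counter."""
    msg = struct.pack("!4sH4sHI", flow[0], flow[1], flow[2], flow[3], counter & 0xFFFFFFFF)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(flow, syn_options, counter):
    """Build the 32-bit sequence number for the SYN-ACK. Only an MSS index fits in it."""
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= syn_options["mss"]), default=0)
    return ((counter & 0x1F) << 27) | (idx << 24) | _mac24(flow, counter)


def check_cookie(flow, cookie, now):
    """Validate the cookie echoed in the final ACK and rebuild state from it alone."""
    for counter in (now, now - 1):  # accept the current and the previous time slot
        if (counter & 0x1F) != cookie >> 27:
            continue
        expected = struct.pack("!I", _mac24(flow, counter))
        if hmac.compare_digest(expected, struct.pack("!I", cookie & 0xFFFFFF)):
            return {"mss": MSS_TABLE[(cookie >> 24) & 0x7]}
    return None  # forged or expired cookie


def lost_options(syn_options, recovered):
    """Options present in the SYN that the server can no longer honour."""
    return sorted(k for k in syn_options if k not in recovered)


# Constructed sample: documentation-range addresses, client connecting to port 25.
FLOW = (bytes([192, 0, 2, 10]), 40000, bytes([198, 51, 100, 5]), 25)
SYN = {"mss": 1452, "wscale": 7, "sack_permitted": True, "timestamps": True}

if __name__ == "__main__":
    cookie = make_cookie(FLOW, SYN, counter=1000)
    state = check_cookie(FLOW, cookie, now=1000)
    print("recovered from cookie:", state)
    print("dropped from the SYN: ", lost_options(SYN, state))
```

The server keeps no per-connection state after the SYN, so everything it knows about the connection has to fit in those 32 bits; the MSS is rounded down to a table entry and the other negotiated options are gone.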
