Re: [patch] tcp connection tracking 2.4.19

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gianni Tedesco <gianni@ecsc.co.uk>
To: Roberto Nibali <ratz@drugphish.ch>
Cc: Martin Renold <martinxyz@gmx.ch>, linux-kernel@vger.kernel.org
Subject: Re: [patch] tcp connection tracking 2.4.19
Date: 09 Oct 2002 13:30:55 +0100	[thread overview]
Message-ID: <1034166655.30384.13.camel@lemsip> (raw)
In-Reply-To: <3DA348EF.7060709@drugphish.ch>

[-- Attachment #1: Type: text/plain, Size: 779 bytes --]

On Tue, 2002-10-08 at 22:06, Roberto Nibali wrote:
> Welcome to the world of almost-stateful packet filtering. Hey, other 
> than that, the 3wahas 'exploit' is old. Also don't I understand why they 
> claim that SYN cookies prevent syn flooding. Next time you meet someone 
> of the guys, tell them about the backlog queue.
> 

"When syncookies are enabled the packets are still answered  and  this
value [tcp_max_syn_backlog] is effectively ignored." -- From tcp(7)
manpage.

The whole point of syncookies is to negate the need for a backlog queue.

Or did I miss your point?

-- 
// Gianni Tedesco (gianni at ecsc dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 232 bytes --]

next prev parent reply	other threads:[~2002-10-09 12:24 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-10-08 20:50 [patch] tcp connection tracking 2.4.19 Martin Renold
2002-10-08 21:06 ` Roberto Nibali
2002-10-09 12:30   ` Gianni Tedesco [this message]
2002-10-09 17:25     ` Roberto Nibali
2002-10-10 10:38       ` Gianni Tedesco
2002-10-10 18:06         ` Roberto Nibali
  -- strict thread matches above, loose matches on Subject: below --
2002-10-16  7:48 Martin Renold
2002-10-16 22:46 ` Harald Welte
2002-10-17 20:29   ` Martin Renold
2002-10-17  8:26 ` Svenning Sorensen
2002-10-17  8:53   ` Martin Renold

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1034166655.30384.13.camel@lemsip \
    --to=gianni@ecsc.co.uk \
    --cc=linux-kernel@vger.kernel.org \
    --cc=martinxyz@gmx.ch \
    --cc=ratz@drugphish.ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.