Re: [LARTC] Re: [release] ipsysctl tutorial 1.0.1

From: "Michael T. Babcock" <mbabcock@fibrespeed.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Re: [release] ipsysctl tutorial 1.0.1
Date: Wed, 23 Oct 2002 18:59:44 +0000	[thread overview]
Message-ID: <marc-lartc-103539968803723@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103539326825533@msgid-missing>

Oskar Andreasson wrote:

>>>may be of interest to some people on the netdev mailinglist as well.
>>>Just to inform people who may be interested, the ipsysctl tutorial has 
>>>been released in a new version at http://ipsysctl-tutorial.frozentux.net. 
>>>      
>>>
I'd like to ask for some clarifications, if not quoting, in the tutorial 
on page x321.html (not sure of section numbers) re: syn cookies.

Dan Bernstein (everyone's favorite mathematician :-) ) makes it very 
clear on http://cr.yp.to/syncookies.html that your warnings are 
primarily FUD.  For the sake of quoting:

A few people (notably Alexey Kuznetsov, Wichert Akkerman, and Perry 
Metzger) have been spreading misinformation about SYN cookies. Here are 
some of their bogus claims:

    * SYN cookies ``present serious violation of TCP protocol.''
      Reality: SYN cookies are fully compliant with the TCP protocol.
      Every packet sent by a SYN-cookie server is something that could
      also have been sent by a non-SYN-cookie server.
    * SYN cookies ``do not allow to use TCP extensions'' such as large
      windows. Reality: SYN cookies don't hurt TCP extensions. A
      connection saved by SYN cookies can't use large windows; but the
      same is true without SYN cookies, because the connection would
      have been destroyed.
    * SYN cookies cause ``massive hanging connections.'' Reality: With
      or without SYN cookies, connections occasionally hang because a
      computer or network is overloaded. Applications deal with this by
      simply dropping idle connections.
    * SYN cookies cause ``serious degradation of service.'' Reality: SYN
      cookies /improve/ service. They do take a small amount of CPU time
      to compute, but that CPU time has to be spent anyway for
      hard-to-predict sequence numbers; see RFC 1948.
    * SYN cookies cause ``magic resets.'' Reality: SYN cookies never
      cause resets.

These people also have the annoying habit of crediting their bogus 
claims to other people, such as me. I don't know whether to attribute 
this to malice or stupidity; either way, I would like the record to be 
set straight.

I invited Kuznetsov to either retract or defend his claims. He refused 
to do so. I'm sure he's aware by now that his claims are false, and that 
any attempted defense will be promptly ripped to shreds; but he's still 
not admitting his errors. It's unfortunate that he doesn't have more 
respect for the truth.

I also invited Akkerman to either retract or defend his claims. He did 
not respond.

-- 
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/