From mboxrd@z Thu Jan 1 00:00:00 1970
From: Olaf van der Spek
Subject: Re: Enable syn cookies by default
Date: Wed, 21 Oct 2009 09:17:53 +0200
Message-ID:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
To: netdev@vger.kernel.org
Return-path:
Received: from mail-gx0-f212.google.com ([209.85.217.212]:62804 "EHLO mail-gx0-f212.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750919AbZJUHRt (ORCPT ); Wed, 21 Oct 2009 03:17:49 -0400
Received: by gxk4 with SMTP id 4so5593469gxk.8 for ; Wed, 21 Oct 2009 00:17:53 -0700 (PDT)
In-Reply-To:
Sender: netdev-owner@vger.kernel.org
List-ID:

On Thu, Oct 15, 2009 at 10:59 AM, Olaf van der Spek wrote:
> On Sat, Oct 10, 2009 at 3:01 PM, Olaf van der Spek wrote:
>> Hi,
>>
>> I'm forwarding Debian feature request #520668.
>>
>> Could syn cookies be enabled by default?
>>
>> AFAIK syn cookies only get sent when the half-open TCP connection
>> queue is full. So stuff like window scaling should work fine in normal
>> situations.
>>
>> Speaking of which:
>> When the half-open TCP connection queue is full and syn cookies are
>> enabled, you get a message like "kernel: possible SYN flooding on port
>> 2710. Sending cookies."
>> However when syn cookies are disabled, you don't get any message (in
>> kern.log), although connections to your server are timing out.
>> Could such a message be added?
>> Maybe with a suggestion to increase the size of that queue or to
>> enable syn cookies.
>>
>> Greetings,
>>
>> Olaf
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520667
>> https://bugs.launchpad.net/ubuntu/+bug/57091
>>
>
> Somebody? Anybody?
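
The warning requested above, for the case where syn cookies are disabled, can be approximated from user space by counting SYN_RECV entries per port in /proc/net/tcp. This is an added example, not part of the original message or of the kernel; the function names, the constructed sample rows and the use of tcp_max_syn_backlog as the limit are assumptions.

```python
"""Added example: warn when half-open (SYN_RECV) sockets fill a port's queue."""
from collections import Counter

SYN_RECV = "03"  # TCP state code as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout, trailing columns trimmed.
# 0x0A96 = port 2710, 0x0050 = port 80.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0A96 00000000:0000 0A
   1: 0100000A:0A96 0201A8C0:C001 03
   2: 0100000A:0A96 0301A8C0:C002 03
   3: 0100000A:0A96 0401A8C0:C003 03
   4: 0100000A:0A96 0501A8C0:C004 01
   5: 0100000A:0050 0601A8C0:C005 03
"""


def half_open_by_port(proc_net_tcp):
    """Count SYN_RECV entries per local port (hex port after the last ':')."""
    counts = Counter()
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[3] == SYN_RECV:
            counts[int(fields[1].rsplit(":", 1)[1], 16)] += 1
    return counts


def check(proc_net_tcp, syncookies, limit):
    """Return warnings for ports at or over `limit` while cookies are off.
    `limit` is an assumed stand-in for the effective queue size."""
    if syncookies:  # kernel already logs "Sending cookies." in this case
        return []
    return [
        f"possible SYN flooding on port {port}: {n} half-open connections "
        f"(limit {limit}); raise tcp_max_syn_backlog or enable tcp_syncookies"
        for port, n in sorted(half_open_by_port(proc_net_tcp).items())
        if n >= limit
    ]


def read(path, default):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:  # file not available: fall back to the given default
        return default


if __name__ == "__main__":
    cookies = int(read("/proc/sys/net/ipv4/tcp_syncookies", "0"))
    limit = int(read("/proc/sys/net/ipv4/tcp_max_syn_backlog", "3"))
    for msg in check(read("/proc/net/tcp", SAMPLE), cookies, limit):
        print(msg)
```

The effective per-listener limit also depends on the backlog passed to listen(), so the sysctl value is only an upper-bound approximation here.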