tcp_syncookie question
Bruno Wolff III
bruno at wolff.to
Wed Jun 1 14:40:17 UTC 2011
On Wed, Jun 01, 2011 at 10:35:18 -0400,
Genes MailLists <lists at sapience.com> wrote:
>
> Networking Gurus:
>
> In the past I've set my firewall to use tcp_syncookies - but this
> prevents certain tcp options - given the current state of the internet -
> can someone opine on whether this should continue to be used or not?
The purpose of syn cookies is to not maintain state locally for partly
opened connections. Doing so makes a denial of service attack very
easy.
More information about the users
mailing list