tcp_syncookie question

Genes MailLists lists at sapience.com
Wed Jun 1 15:09:35 UTC 2011


On 06/01/2011 10:40 AM, Bruno Wolff III wrote:
> On Wed, Jun 01, 2011 at 10:35:18 -0400,
>   Genes MailLists <lists at sapience.com> wrote:
>>
>>   Networking Gurus:
>>
>>   In the past I've set my firewall to use tcp_syncookies - but this
>> prevents certain tcp options - given the current state of the internet -
>> can someone opine on whether this should continue to be used or not?
> 
> The purpose of syn cookies is to not maintain state locally for partly
> opened connections. Doing so makes a denial of service attack very
> easy.

  Right - I understand its purpose and benefits - but networking (and
the speed and window sizes) have changed since 1996 ... my question is
if it is still good practice today to use it?
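
An added example, not part of the original thread: with `net.ipv4.tcp_syncookies=1` Linux only falls back to cookies when a listener's SYN backlog overflows, so the kernel's `TcpExt` counters in `/proc/net/netstat` show whether cookies (and the resulting loss of TCP options) have ever occurred on a given host. The helper names and the sample counter values below are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the kernel's SYN-cookie counters.
# Function names and sample values are constructed for illustration.

# Print "Name=value" for every Syncookies* counter in a netstat-format file.
# /proc/net/netstat stores each group as a header line followed by a value
# line, so column names are matched to values by position.
# Pass "-" to read from standard input instead of a file.
syncookie_counters() {
    awk '
        $1 == "TcpExt:" && !hdr { for (i = 2; i <= NF; i++) name[i] = $i; hdr = 1; next }
        $1 == "TcpExt:" {
            for (i = 2; i <= NF; i++)
                if (name[i] ~ /^Syncookies/) print name[i] "=" $i
            hdr = 0
        }
    ' "${1:-/proc/net/netstat}"
}

# Summarise: has this host ever had to answer a SYN with a cookie?
syncookie_verdict() {
    sent=$(syncookie_counters "$1" | sed -n 's/^SyncookiesSent=//p')
    if [ "${sent:-0}" -gt 0 ]; then
        echo "cookies-issued"      # backlog overflowed at least once
    else
        echo "never-triggered"     # no connection has lost TCP options to cookies
    fi
}

# Constructed sample in the same layout as /proc/net/netstat.
sample_netstat() {
    cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 1520 37 4 9
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
}

sample_netstat | syncookie_counters -
sample_netstat | syncookie_verdict -
```

On a live Linux host, call `syncookie_verdict` with no argument to read `/proc/net/netstat`, and compare against `sysctl -n net.ipv4.tcp_syncookies`.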

