tcp_syncookie question

Bill Davidsen davidsen at
Wed Jun 1 18:20:12 UTC 2011

Genes MailLists wrote:
> On 06/01/2011 12:57 PM, Bruno Wolff III wrote:
>> On Wed, Jun 01, 2011 at 11:09:35 -0400,
>> Unless there is some other alternate way to maintain state in the packets,
>> the DoS attacks will still work. If you aren't worried about those you
>> could turn it off.
>> Also, my memory is that there is a threshold for switching to syn cookies.
>> I don't remember where I saw the reference, but if that is correct, you
>> shouldn't be using them unless your machine is fielding lots of connections.
>    I believe there was a proposal a few years ago but I don't know what
> became of it.
>    I too recall a threshold below which there should be no effect - that
> said I also kind of recall it impacting some other tcp options (window
> scaling in particular was squeezed out if I remember right to make room
> for the cookie) ...
>    and therefore some performance degradation when the machine gets busy
> ... so its never been totally problem free in that sense ...
Depending on what you do, more than "some." As physical distance goes up and 
speed goes up, the penalty for small window size goes up as well. Pulling a 
TB/day or so from NY to CA I used large window sizes to make it possible.

Bill Davidsen <davidsen at>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

More information about the users mailing list