email@example.com (Matthew J Zito) writes:
> Hmmmm....we did some testing by syn-flooding my workstation with and
> without syn-cookies, and while the number of incoming syn_recv was much
> higher without syn_cookies enabled, we still saw (using netstat -na) a
> steadily higher number of incoming syn_recvs. Is this normal? We assumed
> that because of that, the syn_cookies were not completely working (or
> aren't a panacea for syn flooding). Based on your description, it would
> seem that it would stop flooding in its tracks. Perhaps there was a
> problem in our admittedly un-scientific test.
Syncookies only kick in when the SYN-RECV queue overflows. A connection established
by a syncookie basically "skips" the syn-recv state, it goes directly to ESTABLISHED
from nothing after the cookie is verified. This does not affect the still full
You can increase the per socket backlog queue using the
tcp_max_syn_backlog sysctl. This makes sense if you want to use
timestamps/sack/window scaling even on a heavily loaded server.
-- This is like TV. I don't like TV.
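A defender-side check illustrating the reply's point, added here and not part of the original thread: it counts SYN_RECV entries per listening port from `netstat -na` output (a constructed sample is embedded) and compares them with tcp_max_syn_backlog read from /proc/sys (a fallback of 128 is assumed when the file is unavailable). The "high"/"overflow" thresholds in queue_status are an assumption for illustration, not kernel constants; the point is that a growing SYN_RECV count is expected until the queue overflows, since syncookies only take over at that point.

```python
"""Count SYN_RECV entries per listening port in `netstat -na` output and
compare them with tcp_max_syn_backlog, to judge whether the SYN-RECV queue
is near the point at which syncookies kick in."""
from collections import Counter
from pathlib import Path

# Constructed sample of `netstat -na` output (not a real capture).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:40002      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:40003      SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.5:50000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.6:50001       SYN_RECV
"""

def syn_recv_per_port(netstat_output):
    """Return {local_port: number of SYN_RECV entries} parsed from netstat -na text."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "SYN_RECV":
            port = int(fields[3].rsplit(":", 1)[1])
            counts[port] += 1
    return dict(counts)

def read_sysctl(name, default):
    """Read an integer sysctl from /proc/sys (e.g. net.ipv4.tcp_max_syn_backlog);
    return the assumed default when running somewhere without /proc/sys."""
    try:
        return int(Path("/proc/sys", *name.split(".")).read_text().strip())
    except (OSError, ValueError):
        return default

def queue_status(counts, max_syn_backlog):
    """Classify each port: 'overflow' once SYN_RECV reaches the backlog (where
    syncookies take over), 'high' at or above half of it (assumed threshold),
    otherwise 'normal'."""
    status = {}
    for port, n in counts.items():
        if n >= max_syn_backlog:
            status[port] = "overflow"
        elif n * 2 >= max_syn_backlog:
            status[port] = "high"
        else:
            status[port] = "normal"
    return status

if __name__ == "__main__":
    backlog = read_sysctl("net.ipv4.tcp_max_syn_backlog", 128)
    cookies = read_sysctl("net.ipv4.tcp_syncookies", 0)
    counts = syn_recv_per_port(SAMPLE_NETSTAT)
    print("tcp_syncookies =", cookies, "tcp_max_syn_backlog =", backlog)
    for port, state in queue_status(counts, backlog).items():
        print(f"port {port}: {counts[port]} SYN_RECV ({state})")
```

On a live host, replace SAMPLE_NETSTAT with the real `netstat -na` output; a count far below the backlog with syncookies enabled is the normal picture, not a sign that cookies are failing.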