| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Feb 2008 21:53:45 +0100 From: Andi Kleen <andi@...stfloor.org> To: Evgeniy Polyakov <johnpol@....mipt.ru> Cc: Andi Kleen <andi@...stfloor.org>, Glenn Griffin <ggriffin.kernel@...il.com>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Add IPv6 support to TCP SYN cookies On Tue, Feb 05, 2008 at 11:39:11PM +0300, Evgeniy Polyakov wrote: > On Tue, Feb 05, 2008 at 09:02:11PM +0100, Andi Kleen (andi@...stfloor.org) wrote: > > On Tue, Feb 05, 2008 at 10:29:28AM -0800, Glenn Griffin wrote: > > > > Syncookies are discouraged these days. They disable too many > > > > valuable TCP features (window scaling, SACK) and even without them > > > > the kernel is usually strong enough to defend against syn floods > > > > and systems have much more memory than they used to be. > > > > > > > > So I don't think it makes much sense to add more code to it, sorry. > > How does syncookies prevent windows from growing? Syncookies do not allow window scaling so you can't have any windows >64k > Most (if not all) distributions have them enabled and window growing > works just fine. Actually I do not see any reason why connection > establishment handshake should prevent any run-time operations at all, > even if it was setup during handshake. TCP only uses options negotiated during the hand shake and syncookies is incapable to do this. -Andi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists