lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Oct 2009 09:17:53 +0200 From: Olaf van der Spek <olafvdspek@...il.com> To: netdev@...r.kernel.org Subject: Re: Enable syn cookies by default On Thu, Oct 15, 2009 at 10:59 AM, Olaf van der Spek <olafvdspek@...il.com> wrote: > On Sat, Oct 10, 2009 at 3:01 PM, Olaf van der Spek <olafvdspek@...il.com> wrote: >> Hi, >> >> I'm forwarding Debian feature request #520668. >> >> Could syn cookies be enabled by default? >> >> AFAIK syn cookies only get send when the half-open TCP connection >> queue is full. So stuff like window scaling should work fine in normal >> situations. >> >> Speaking of which: >> When the half-open TCP connection queue is full and syn cookies are >> enabled, you get a message like "kernel: possible SYN flooding on port >> 2710. Sending cookies." >> However when syn cookies are disabled, you don't get any message (in >> kern.log), although connections to your server are timing out. >> Could such a message be added? >> Maybe with a suggestion to increase the size of that queue or to >> enable syn cookies. >> >> Greetings, >> >> Olaf >> >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668 >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520667 >> https://bugs.launchpad.net/ubuntu/+bug/57091 >> > > Somebody? Anybody? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists