| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Oct 2009 09:25:06 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Olaf van der Spek <olafvdspek@...il.com> CC: netdev@...r.kernel.org Subject: Re: Enable syn cookies by default Olaf van der Spek a écrit : > On Thu, Oct 15, 2009 at 10:59 AM, Olaf van der Spek > <olafvdspek@...il.com> wrote: >> On Sat, Oct 10, 2009 at 3:01 PM, Olaf van der Spek <olafvdspek@...il.com> wrote: >>> Hi, >>> >>> I'm forwarding Debian feature request #520668. >>> >>> Could syn cookies be enabled by default? >>> >>> AFAIK syn cookies only get send when the half-open TCP connection >>> queue is full. So stuff like window scaling should work fine in normal >>> situations. >>> >>> Speaking of which: >>> When the half-open TCP connection queue is full and syn cookies are >>> enabled, you get a message like "kernel: possible SYN flooding on port >>> 2710. Sending cookies." >>> However when syn cookies are disabled, you don't get any message (in >>> kern.log), although connections to your server are timing out. >>> Could such a message be added? >>> Maybe with a suggestion to increase the size of that queue or to >>> enable syn cookies. >>> >>> Greetings, >>> >>> Olaf >>> >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668 >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520667 >>> https://bugs.launchpad.net/ubuntu/+bug/57091 >>> >> Somebody? > > Anybody? This is a user selectable setting. What's wrong with /etc/sysctl.conf ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists