| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTild6hAh1PPeHj_Q06k8drq-O9O9Nc48Urknm4in@mail.gmail.com> Date: Wed, 26 May 2010 06:52:45 +0800 From: Changli Gao <xiaosuo@...il.com> To: Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu> Cc: Patrick McHardy <kaber@...sh.net>, "David S. Miller" <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, James Morris <jmorris@...ei.org>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH RFC] netfilter: iptables target SYNPROXY On Wed, May 26, 2010 at 3:03 AM, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu> wrote: >> >> Yea. Only MSS option is supported. But it is better than being DoSed. >> And you can set a threshold for SYNPROXY with limit match, then there >> isn't any difference if there isn't any SYN-flood attack. > > If I (have to) limit SYNPROXY, why shouldn't I better limit the SYN > packets directly instead? > Without SYNPROXY, you have to drop the over limit SYN packets, and maybe normal SYN packets are dropped. -- Regards, Changli Gao(xiaosuo@...il.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists