| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <23001280765498@web50.yandex.ru> Date: Mon, 02 Aug 2010 20:11:36 +0400 From: Franchoze Eric <franchoze@...dex.ru> To: Florian Westphal <fw@...len.de> Cc: netdev@...r.kernel.org Subject: Re: Re: why do we need printk on sending syn flood cookie? 02.08.10, 12:17, "Florian Westphal" <fw@...len.de>: > Franchoze Eric wrote: > > Just sirious why do we need printk each 1 second (60*HZ) about possible syn-flood? It really floods dmesg. Is there something dengerous? I have suggestion to turn off printk about sending tcp cookie each 1 second. > > It is handled exactly like other printks in the networking path, > e.g. receipt of tcp wscale == 15. > > Why does this need special treatment? > For now I see "possible SYN flooding on port %d. Sending cookies.\n" message each second on my server. I know that there are a lot of SYNs and I know that kernel sends cookie. Why do I need so mach printk? So I suggested add new value to /proc/sys/net/ipv4/tcp_syncookies, which will enable cookie but this printk will be turned off. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists