[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: enable tcp_syncookies by default?



On Thu, 2005-01-13 at 09:33, Marius Andreiana wrote:
> Hi
> 
> Based on information below, can 
> /proc/sys/net/ipv4/tcp_syncookies/tcp_syncookies 
> be enabled by default? Are there any drawbacks?
[snipped explanation on syn flood]

Being a CPU consuming process to create and check the cookies, Will not
be better to let this setting as is ?

People who have to deal with Internet connected machines should know how
to enable syn cookies (is not so hard to write down `echo 1 >
/proc/sys/net/ipv4/tcp_syncookies` ).

Machines not facing Internet have no need to waste resources in creating
and checking the cookies.

Default settings should be for the most common configuration, and I'm
not sure most users should have syn cookies enabled.


Regards
-- 
Iago Rubio


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]