
Re: enable tcp_syncookies by default?



On Thu, 13 Jan 2005 10:33:10 +0200, Marius Andreiana
<mandreiana rdslink ro> wrote:
> Enabling SYN cookies is a very simple way to defeat SYN flood attacks
> while using only a bit more CPU time for the cookie creation and
> verification. Since the alternative is to reject all incoming
> connections, enabling SYN cookies is an obvious choice.

Only a bit more CPU time?

Are there any hard numbers here to use to evaluate the trade-off more
quantitatively?

In what sort of load situations would you start to notice the CPU hit?
Are we talking about a 400 MHz Pentium running a small public web server?
Are we talking about a typical desktop/workstation install on middle
of the road current hardware?
Does a very active web server on reasonable modern hardware see the
CPU hit because of its high network traffic?

How does this scale with network activity and hardware resources?
Where are the cases where this becomes noticeable?

-jef

