On Tue, 2002-10-08 at 22:06, Roberto Nibali wrote:
> Welcome to the world of almost-stateful packet filtering. Hey, other
> than that, the 3wahas 'exploit' is old. Also don't I understand why they
> claim that SYN cookies prevent syn flooding. Next time you meet someone
> of the guys, tell them about the backlog queue.
>
"When syncookies are enabled the packets are still answered and this
value [tcp_max_syn_backlog] is effectively ignored." -- From tcp(7)
manpage.
The whole point of syncookies is to negate the need for a backlog queue.
Or did I miss your point?
-- // Gianni Tedesco (gianni at ecsc dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Oct 15 2002 - 22:00:30 EST