>>Fair enough. I thought that last time I checked with the code the SYN
>>cookie functionality would only kick in _after_ the backlog queue is full.
> > It does. When using syn cookies you cant use some of the new advanced
> features of tcp. Linux uses the backlog queue when not under attack.
> When the queue overflows it just uses cookies - but can still accept
> connections.
That was my understanding so far. So then I haven't gone crazy, thank god.
> I don't think these statements are entirely true. While it is true that
> you can't use things like window scaling or SACK - syncookies 100%
> successfully stop syn flood attacks.
Someone needs to adjust the text then.
> The attack is that if you fill the syn backlog queue with bogus requests
> then legitimate clients can no longer connect. The syn flood attack
> isn't "your legitimate connections wont be able to use window scaling".
I completely agree with this definition of SYN flooding and then I will
also say that you can 'stop' SYN flooding, well, at least you give
legitimate clients a real chance to still successfully connect to your
service, while it is under a SYN flood. I think we agree now. It should
only be remarked that the line is still flooded, thus the wording "100
stop SYN flood" is simply inappropriate in my eyes. It's all a matter of
definition.
Regards,
Roberto Nibali, ratz
-- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Oct 15 2002 - 22:00:37 EST