Re: [PATCH] Add IPv6 support to TCP SYN cookies

From: Andi Kleen
Date: Tue Feb 05 2008 - 11:13:59 EST

Next message: Andrew Vasquez: "Re: 2.6.24 regression w/ QLA2300"
Previous message: Pavel Machek: "Re: [regression] Re: brk randomization breaks columns"
In reply to: Alan Cox: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Next in thread: Alan Cox: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 05, 2008 at 04:03:01PM +0000, Alan Cox wrote:
> > Also your sub PC class appliances rarely run LISTEN servers anyways
> > that are open to the world.
>
> Really. The ones that first come to mind often have exposed ports
> including PDA devices and phones. (Ditto low end PC boxes - portscan an
> EEPC some day ;))

What kind of LISTEN ports? And does it matter if they're DoS'ed?

The only one I can think of right now would be ident and frankly nobody
will really care if that one works or not.

If it's just the management interface etc. (which should really be firewalled)
then likely not.

> Is the other stuff enough - good question, and can be measured easily
> enough on a little dlink router or similar.

My guess would be that it is.

If it's not it would be probably better to look at improving the standard queue
management again; e.g.readd RED.

-Andi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Vasquez: "Re: 2.6.24 regression w/ QLA2300"
Previous message: Pavel Machek: "Re: [regression] Re: brk randomization breaks columns"
In reply to: Alan Cox: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Next in thread: Alan Cox: "Re: [PATCH] Add IPv6 support to TCP SYN cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]