Re: SYN cookie reliability

Matti Aarnio (matti.aarnio@tele.fi)
Tue, 14 Apr 1998 16:58:17 +0300 (EEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ion Badulescu: "Re: 2.1.93.."
Previous message: Martin Mares: "Re: 2.1.93.."

> SYN cookies do not seem to work on 2.1.95/96. I have not checked previous
> kernels for this problem.
>
> I set /proc/sys/net/ipv4/tcp_syncookies to 1. I enabled SYN cookies. I
> used synk on myself. The flooding gets through.

Of course it gets thru, but is the system (given TCP port)
unusable for simultaneous non-flood usage ?

Say you flood your TELNET port, can you still do:
telnet your.local.host
while the SYNK is hammering ?
If you can't, then SYN-cookies don't work.

> Attached are the program I used an the output of netstat after using it.
> IMHO, this is not a good thing. In fact, I feel you should set SYN cookies
> to the way they were in 2.0.33. At least they worked back then.
>
> | Fenestrae delendae sunt. |
> | smilax@mindmeld.dyn.ml.org |

/Matti Aarnio <matti.aarnio@tele.fi>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Ion Badulescu: "Re: 2.1.93.."
Previous message: Martin Mares: "Re: 2.1.93.."