On 06/01/2011 10:40 AM, Bruno Wolff III wrote: > On Wed, Jun 01, 2011 at 10:35:18 -0400, > Genes MailLists <lists@xxxxxxxxxxxx> wrote: >> >> Networking Gurus: >> >> In the past I've set my firewall to use tcp_syncookies - but this >> prevents certain tcp options - given the current state of the internet - >> can someone opine on whether this should continue to be used or not? > > The purpose of syn cookies is to not maintain state locally for partly > opened connections. Doing so makes a denial of service attack very > easy. Right - I understand its purpose and benefits - but networking (and the speed and window sizes) have changed since 1996 ... my question is if it is still good practice today to use it? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
