Genes MailLists wrote:
> On 06/01/2011 12:57 PM, Bruno Wolff III wrote:
>> On Wed, Jun 01, 2011 at 11:09:35 -0400,
>>
>> Unless there is some other alternate way to maintain state in the packets,
>> the DoS attacks will still work. If you aren't worried about those you
>> could turn it off.
>>
>> Also, my memory is that there is a threshold for switching to syn cookies.
>> I don't remember where I saw the reference, but if that is correct, you
>> shouldn't be using them unless your machine is fielding lots of connections.
>
> I believe there was a proposal a few years ago but I don't know what
> became of it.
>
> I too recall a threshold below which there should be no effect - that
> said I also kind of recall it impacting some other tcp options (window
> scaling in particular was squeezed out if I remember right to make room
> for the cookie) ...
>
> and therefore some performance degradation when the machine gets busy
> ... so it's never been totally problem free in that sense ...
>

Depending on what you do, more than "some." As physical distance goes up and speed goes up, the penalty for small window size goes up as well. Pulling a TB/day or so from NY to CA I used large window sizes to make it possible.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot
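An added example, not part of the thread: a Python check that reads the Linux syncookie counters from /proc/net/netstat to see whether a host has ever crossed the threshold into cookie mode, and computes the per-connection throughput ceiling if window scaling is lost. It assumes, as the thread recalls, that a cookie-accepted connection falls back to an unscaled window; the sample text and the 70 ms round-trip time are constructed.

```python
# Added example; SAMPLE_NETSTAT is constructed, not captured from a real host.
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled
TcpExt: 1520 37 412 9 0
IpExt: InNoRoutes InTruncatedPkts InMcastPkts
IpExt: 0 0 12
"""

MAX_UNSCALED_WINDOW = 65535  # largest TCP window without the window scale option
COOKIE_KEYS = ("SyncookiesSent", "SyncookiesRecv", "SyncookiesFailed")


def parse_netstat(text):
    """Return {section: {counter: int}} from /proc/net/netstat-style text."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    sections = {}
    # The file is pairs of rows: counter names, then the matching values.
    for names, values in zip(rows[0::2], rows[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError("header/value rows do not match: %r" % names[0])
        counters = dict(zip(names[1:], map(int, values[1:])))
        sections[names[0].rstrip(":")] = counters
    return sections


def syncookie_counters(text):
    ext = parse_netstat(text).get("TcpExt", {})
    return {key: ext.get(key, 0) for key in COOKIE_KEYS}


def window_limited_mbit(window_bytes, rtt_ms):
    """Ceiling for one TCP connection: at most one window per round trip."""
    return window_bytes * 8 / (rtt_ms / 1000.0) / 1e6


def report(text, rtt_ms):
    counters = syncookie_counters(text)
    ceiling = window_limited_mbit(MAX_UNSCALED_WINDOW, rtt_ms)
    return {
        "cookies_engaged": counters["SyncookiesSent"] > 0,  # threshold crossed
        "counters": counters,
        "unscaled_ceiling_mbit": round(ceiling, 2),
    }


if __name__ == "__main__":
    try:
        with open("/proc/net/netstat") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_NETSTAT  # fall back to the constructed sample
    print(report(text, rtt_ms=70))  # 70 ms is an assumed long-haul RTT
```

At the assumed 70 ms round trip, one unscaled connection tops out near 7.5 Mbit/s, while 1 TB/day averages roughly 93 Mbit/s sustained.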