On Thu, 2005-01-13 at 09:33, Marius Andreiana wrote: > Hi > > Based on information below, can > /proc/sys/net/ipv4/tcp_syncookies/tcp_syncookies > be enabled by default? Are there any drawbacks? [snipped explanation on syn flood] Being a CPU consuming process to create and check the cookies, Will not be better to let this setting as is ? People who have to deal with Internet connected machines should know how to enable syn cookies (is not so hard to write down `echo 1 > /proc/sys/net/ipv4/tcp_syncookies` ). Machines not facing Internet have no need to waste resources in creating and checking the cookies. Default settings should be for the most common configuration, and I'm not sure most users should have syn cookies enabled. Regards -- Iago Rubio
