On Thu, 13 Jan 2005 10:33:10 +0200, Marius Andreiana <mandreiana@xxxxxxxxxx> wrote: > Enabling SYN cookies is a very simple way to defeat SYN flood attacks > while using only a bit more CPU time for the cookie creation and > verification. Since the alternative is to reject all incoming > connections, enabling SYN cookies is an obvious choice. only a bit more CPU time? Are there any hard numbers here to use to evaluate the trade-off more quantiatively? In what sort of load situations would you start to notice the cpu hit? Are we talking about a 400 Mhz pentium running a small public web server? Are we talking about a typical desktop/workstation install on middle of the road current hardware? Does a very active web server on reasonable modern hardware see the cpu hit because of its high network traffic? How does this scale with network activity and hardware resources? Where are the cases where this becomes noticable? -jef
