Re: enable tcp_syncookies by default?

On Thu, 13 Jan 2005 10:33:10 +0200, Marius Andreiana
<mandreiana@xxxxxxxxxx> wrote:
> Enabling SYN cookies is a very simple way to defeat SYN flood attacks
> while using only a bit more CPU time for the cookie creation and
> verification. Since the alternative is to reject all incoming
> connections, enabling SYN cookies is an obvious choice.

Only a bit more CPU time?

Are there any hard numbers here to use to evaluate the trade-off more
quantitatively?

In what sort of load situations would you start to notice the CPU hit?
Are we talking about a 400 MHz Pentium running a small public web server?
Are we talking about a typical desktop/workstation install on middle
of the road current hardware?
Does a very active web server on reasonably modern hardware see the
CPU hit because of its high network traffic?

How does this scale with network activity and hardware resources?
Where are the cases where this becomes noticeable?

-jef

