On Thu, Jan 13, 2005 at 11:09:35AM -0500, Jeff Spaleta wrote: > How does this scale with network activity and hardware resources? > Where are the cases where this becomes noticable? Note that syncookies are not used until the synqueue is full, so unless the server is under attack everything proceeds just as it would with syncookies turned off. They are only enabled when the queue fills up, and in that case spending a bit more (I don't have any numbers on this) CPU time should be favourable to not being able to answer incoming requests. I run a fairly busy database-heavy website on a lowend PC (1.2ghz athlon) that gets around a million hits per day - and also gets SYN flooded every now and then. After I enabled syncookies on the server it has always managed to serve all valid requests. So.. is there a reason why they are not enabled by default? Cheers, Oskari
Attachment:
pgpBLFAvqqG3e.pgp
Description: PGP signature
