On Thu, 2005-01-13 at 16:48, Pekka Savola wrote:
> On Thu, 13 Jan 2005, Iago Rubio wrote:
> > Default settings should be for the most common configuration,
>
> By that logic, syn cookies should be enabled.
>
> It's 2005. Computers are connected to the net, period.

Yes, I know. Right now I've got 5 computers connected to the net around me, 8 computers in my home LAN. None of them can be the target of SYN floods from the Internet. As I'm sure you know, a computer can access the net without facing it. A route from your LAN to the Internet does not make your machine a target of SYN flood attacks.

From a desktop user's perspective, with no server running, syncookies have nothing to do when enabled, as you need at least one open port to trigger a SYN flood. Computers connected to the Internet does not mean computers that are targets of SYN floods at all. Only servers connected to the Internet have this risk.

> It's better to err on the side of caution, you know.

I agree with you. But OTOH I'm not sure that shipping a broken TCP implementation by default would be a great idea, even while this broken implementation can help during a SYN flood attack - but not solve it. It will also break TCP extensions such as T/TCP.

In fact, against a serious SYN flood there's nothing your box can do, even with syncookies enabled. You will end up losing legitimate connections.

Regards.
--
Iago Rubio
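Added by the editor, not part of the message above or of the thread: a small model of the SYN cookie scheme the two posters are arguing about, to make concrete why a cookie server keeps no per-connection state and why that costs TCP options. The bit layout (a one-byte minute counter in the top byte, a 24-bit field that mixes a second keyed hash with a 3-bit index into an MSS table, all folded into the server's ISN by modular addition) follows the classic scheme as I understand it and is illustrative rather than a transcript of any kernel's code; the secrets, addresses, MSS table and timestamps are constructed for the example.

```python
import hashlib
import hmac

# Constructed server secrets; a real server would draw these randomly at boot.
SECRET1 = b"constructed-secret-1"
SECRET2 = b"constructed-secret-2"

# The cookie has room for only a 3-bit index into this table, so the server
# ends up using the largest table entry not above the MSS the client offered.
MSS_TABLE = [536, 1300, 1440, 1460, 4312, 8960, 9000, 65535]

COUNTER_PERIOD = 60   # the counter in the cookie advances once a minute
MAX_COOKIE_AGE = 2    # accept cookies minted in the last two counter ticks


def _keyed_hash(secret, *fields):
    """32-bit keyed hash of the given fields (HMAC-SHA256, truncated)."""
    data = b"|".join(str(f).encode() for f in fields)
    return int.from_bytes(hmac.new(secret, data, hashlib.sha256).digest()[:4], "big")


def mss_index(mss):
    """Index of the largest MSS_TABLE entry that is <= the client's MSS."""
    idx = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= mss:
            idx = i
    return idx


def make_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN to send in the SYN-ACK instead of queueing a half-open connection.

    Illustrative layout: ISN = H1 + client_isn + (t << 24) + ((H2 + mss_index) mod 2^24),
    all mod 2^32, where t is the minute counter and H1/H2 are keyed hashes of the
    4-tuple (H2 also covers t). Nothing else about the SYN is remembered.
    """
    t = (now // COUNTER_PERIOD) & 0xFF
    h1 = _keyed_hash(SECRET1, saddr, daddr, sport, dport)
    h2 = _keyed_hash(SECRET2, saddr, daddr, sport, dport, t)
    low = (h2 + mss_index(mss)) & 0xFFFFFF
    return (h1 + client_isn + (t << 24) + low) & 0xFFFFFFFF


def check_cookie(saddr, daddr, sport, dport, client_isn, ack, now):
    """Validate the final ACK of a handshake the server kept no state for.

    Returns the recovered MSS if ack-1 is a cookie minted recently for this
    4-tuple and client ISN, else None. Only the rounded MSS can be recovered:
    window scale, SACK-permitted and any other SYN options were never stored.
    """
    isn = (ack - 1) & 0xFFFFFFFF
    h1 = _keyed_hash(SECRET1, saddr, daddr, sport, dport)
    x = (isn - h1 - client_isn) & 0xFFFFFFFF      # should be (t << 24) + low
    t = x >> 24
    age = (((now // COUNTER_PERIOD) & 0xFF) - t) & 0xFF
    if age > MAX_COOKIE_AGE:
        return None                                # stale or garbage counter
    h2 = _keyed_hash(SECRET2, saddr, daddr, sport, dport, t)
    idx = ((x & 0xFFFFFF) - h2) & 0xFFFFFF
    if idx >= len(MSS_TABLE):
        return None                                # hash mismatch: not our cookie
    return MSS_TABLE[idx]


if __name__ == "__main__":
    # Constructed handshake: client offers MSS 1400 at t = 1000000 seconds.
    tup = ("203.0.113.7", "198.51.100.2", 40001, 80)
    cookie = make_cookie(*tup, client_isn=123456, mss=1400, now=1_000_000)
    print("valid ACK   ->", check_cookie(*tup, 123456, cookie + 1, 1_000_000))          # 1300
    print("10 min old  ->", check_cookie(*tup, 123456, cookie + 1, 1_000_600))          # None
    print("wrong dport ->", check_cookie(*tup[:3], 8080, 123456, cookie + 1, 1_000_000))  # None
```

Everything the server needs to complete the handshake is recovered from the ACK number and the 4-tuple, which is why the half-open queue can be bypassed under flood. The cost is visible in the return value: the only option that survives is an MSS rounded down to a table entry, and anything else the client negotiated in its SYN is lost, which is the sense in which the message above calls the result a broken TCP implementation. Note also that a validated cookie proves only that the server minted it within the counter window; it is a hash check plus a range check on an eight-entry table, not a record of the original SYN.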