On 14 Jan 2016, at 08:20, Thomas ☃ Habets <habets@xxxxxxxxxx> wrote: > The socket option is enabled *after* connection establishment, thus > doesn't protect against SYN floods. This is because server doesn't > know (in userspace) what the address of the peer is until they > connect. Again because signed addresses. So could they exchange a secret as part of the session, obviating the need for any set up? -- Alex Bligh _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev