<!--Apologies for the top post
Hi, using syn cookies is a useful defense against the traditional (i.e. High bandwidth) DOS attacks, but may not help against the newer, rate-limited vectors such as the one demonstrated by Sockstress.
No major performance or other drawbacks that I am aware of, but there could be some compatibility issues with (very?) old TCPIP stacks.
Regards,
Sent from my Windows Mobile® phone.
-----Original Message-----
From: Ken W. <techwww@xxxxxxxxxxxx>
Sent: 08 December 2008 06:44
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Subject: syn-cookies useful?
Hello,
Is it useful to set net.ipv4.tcp_syncookies=1 to stop DDOS attacks on Linux? If set, what's the drawback on this option? Thanks.
Start your day with Yahoo!7 and win a Sony Bravia TV. Enter now http://au.docs.yahoo.com/homepageset/?p1=other&p2=au&p3=tagline
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
