Re: Enable syn cookies by default
From: Jarek Poplawski <hidden>
Date: 2009-10-16 08:55:57
On 15-10-2009 10:59, Olaf van der Spek wrote:
> On Sat, Oct 10, 2009 at 3:01 PM, Olaf van der Spek [off-list ref] wrote:
>> Hi,
>>
>> I'm forwarding Debian feature request #520668.
>>
>> Could syn cookies be enabled by default?

Hi,

Alas, I can only give you a hint: while waiting for a better response, you could try to 'google' for some archives of this list; AFAICR a few (?) months ago David Miller explained this first question at least. (In short: they aren't up-to-date enough.)

Regards,
Jarek P.

>> AFAIK syn cookies only get sent when the half-open TCP connection queue is full. So stuff like window scaling should work fine in normal situations.
>>
>> Speaking of which: When the half-open TCP connection queue is full and syn cookies are enabled, you get a message like "kernel: possible SYN flooding on port 2710. Sending cookies."
>> However when syn cookies are disabled, you don't get any message (in kern.log), although connections to your server are timing out.
>> Could such a message be added? Maybe with a suggestion to increase the size of that queue or to enable syn cookies.
>>
>> Greetings,
>>
>> Olaf
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520668
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520667
>> https://bugs.launchpad.net/ubuntu/+bug/57091
>
> Somebody?
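
An added example, not part of the thread or of any kernel code: a monitoring check for the two cases described in the quoted request, the logged one (cookies enabled) and the silent one (cookies disabled). The function names and sample data are constructed for illustration; it assumes the running kernel counts dropped connection requests in the TcpExt ListenDrops counter of /proc/net/netstat.

```python
import re

# Constructed sample inputs (not captured from a real host). The log line uses
# the message text quoted in the thread.
KERN_LOG = (
    "Oct 15 10:58:01 srv kernel: possible SYN flooding on port 2710. Sending cookies.\n"
    "Oct 15 10:58:07 srv kernel: eth0: link up\n"
)
NETSTAT_BEFORE = (
    "TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops\n"
    "TcpExt: 0 0 0 3 40\n"
)
NETSTAT_AFTER = NETSTAT_BEFORE.replace("0 0 0 3 40", "0 0 0 3 4810")

FLOOD_RE = re.compile(r"possible SYN flooding on port (\d+)\. Sending cookies\.")


def flooded_ports(kern_log):
    """Ports named in 'Sending cookies' messages, deduplicated and sorted."""
    return sorted({int(m.group(1)) for m in FLOOD_RE.finditer(kern_log)})


def tcpext(netstat_text):
    """Parse the TcpExt name/value line pair of /proc/net/netstat into a dict."""
    rows = [ln.split()[1:] for ln in netstat_text.splitlines()
            if ln.startswith("TcpExt:")]
    if len(rows) < 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected a TcpExt name line followed by a value line")
    return dict(zip(rows[0], map(int, rows[1])))


def assess(syncookies, kern_log, before, after):
    """Classify one sampling interval.

    syncookies: integer read from /proc/sys/net/ipv4/tcp_syncookies.
    before/after: two /proc/net/netstat snapshots; the counters are cumulative,
    so only the difference between snapshots is meaningful.
    """
    old, new = tcpext(before), tcpext(after)
    drops = new.get("ListenDrops", 0) - old.get("ListenDrops", 0)
    sent = new.get("SyncookiesSent", 0) - old.get("SyncookiesSent", 0)
    ports = flooded_ports(kern_log)
    if syncookies and (ports or sent > 0):
        return {"state": "cookies-active", "ports": ports, "cookies_sent": sent}
    if not syncookies and drops > 0:
        # The case raised in the thread: requests dropped, nothing in kern.log.
        return {"state": "silent-drops", "ports": [], "dropped": drops}
    return {"state": "ok", "ports": ports}
```

On a live host the inputs would be the contents of /proc/sys/net/ipv4/tcp_syncookies, the kernel log, and two reads of /proc/net/netstat taken some seconds apart.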