mjz207@is9.nyu.edu (Matthew J Zito) writes:
>
> Hmmmm....we did some testing by syn-flooding my workstation with and
> without syn-cookies, and while the number of incoming syn_recv was much
> higher without syn_cookies enabled, we still saw (using netstat -na) a
> steadily higher number of incoming syn_recvs. Is this normal? We assumed
> that because of that, the syn_cookies were not completely working (or
> aren't a panacea for syn flooding). Based on your description, it would
> seem that it would stop flooding in its tracks. Perhaps there was a
> problem in our admittedly un-scientific test.
Syncookies only kick in when the SYN-RECV queue overflows. A connection established
by a syncookie basically "skips" the syn-recv state, it goes directly to ESTABLISHED
from nothing after the cookie is verified. This does not affect the still full
syn-recv queue.
You can increase the per socket backlog queue using the
tcp_max_syn_backlog sysctl. This makes sense if you want to use
timestamps/sack/window scaling even on a heavily loaded server.
-Andi
-- This is like TV. I don't like TV.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:18 EST