Re: Size of Tasks during ddos

From: Alan Cox
Date: Thu Sep 11 2003 - 16:42:57 EST


On Iau, 2003-09-11 at 22:30, Mike Fedyk wrote:
> > Syncookies protect you from DoS stuff but they have other side
> > effects on efficiency when they are in use.
>
> Care to point me to a thread in the archives? I'd like to read more about
> this.

Not sure offhand where the thread is. The quick summary is

Syn cookies accept the SYN frame and encode sufficient information into
the reply that they can avoid storing any data until the next packet
arrives from the other end completing the connection.

That means squashing all the information we track (mss, window, etc)
into very few bits. A modern TCP will offer large windows, selective ack
and other features which we can't fit into a syn cookie so with this off
a burst of traffic will cause pauses while the socket queue clears and
negotiate fully featured TCP, with syncookies enabled many of the
connections on the burst will not have the extra features so many not
perform as well.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/