enable tcp_syncookies by default?
Iago Rubio
iago.rubio at hispalinux.es
Thu Jan 13 14:05:06 UTC 2005
On Thu, 2005-01-13 at 09:33, Marius Andreiana wrote:
> Hi
>
> Based on information below, can
> /proc/sys/net/ipv4/tcp_syncookies/tcp_syncookies
> be enabled by default? Are there any drawbacks?
[snipped explanation on syn flood]
Being a CPU consuming process to create and check the cookies, Will not
be better to let this setting as is ?
People who have to deal with Internet connected machines should know how
to enable syn cookies (is not so hard to write down `echo 1 >
/proc/sys/net/ipv4/tcp_syncookies` ).
Machines not facing Internet have no need to waste resources in creating
and checking the cookies.
Default settings should be for the most common configuration, and I'm
not sure most users should have syn cookies enabled.
Regards
--
Iago Rubio
More information about the fedora-devel-list
mailing list