On Tue, 2002-10-08 at 22:06, Roberto Nibali wrote:
> Welcome to the world of almost-stateful packet filtering. Hey, other=20
> than that, the 3wahas 'exploit' is old. Also don't I understand why they=20
> claim that SYN cookies prevent syn flooding. Next time you meet someone=20
> of the guys, tell them about the backlog queue.
>=20
"When syncookies are enabled the packets are still answered and this
value [tcp_max_syn_backlog] is effectively ignored." -- From tcp(7)
manpage.
The whole point of syncookies is to negate the need for a backlog queue.
Or did I miss your point?
--=20
// Gianni Tedesco (gianni at ecsc dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
--=-ngVJRBBZ8jPe0UHP9+ml
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQA9pCF/kbV2aYZGvn0RAmmLAJ9x//QrNXuDU57xrvKfUdHa6bT/aQCePVbh
AsK2Cvm0GgTjI6oyd3NL2b8=
=Nq9t
-----END PGP SIGNATURE-----
--=-ngVJRBBZ8jPe0UHP9+ml--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/