Check out my first novel, midnight's simulacra!
Syncookies: Difference between revisions
From dankwiki
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
* "SYN cookies 'do not allow to use TCP extensions' such as large windows. Reality: SYN cookies don't hurt TCP extensions. A connection saved by SYN cookies can't use large windows; but the same is true without SYN cookies, because the connection would have been destroyed." | * "SYN cookies 'do not allow to use TCP extensions' such as large windows. Reality: SYN cookies don't hurt TCP extensions. A connection saved by SYN cookies can't use large windows; but the same is true without SYN cookies, because the connection would have been destroyed." | ||
** This is only true for machines expected to suffer SYNflood attacks. | ** This is only true for machines expected to suffer SYNflood attacks. | ||
** The usefulness of TCP Large Window Extensions means I disable SYNcookies on internal machines | ** The [[TCP|usefulness of TCP Large Window Extensions]] means I disable SYNcookies on internal machines | ||
Revision as of 01:48, 11 June 2009
DJB's page: http://cr.yp.to/syncookies.html
Issues with DJB's Writeup
- "SYN cookies 'do not allow to use TCP extensions' such as large windows. Reality: SYN cookies don't hurt TCP extensions. A connection saved by SYN cookies can't use large windows; but the same is true without SYN cookies, because the connection would have been destroyed."
- This is only true for machines expected to suffer SYNflood attacks.
- The usefulness of TCP Large Window Extensions means I disable SYNcookies on internal machines
