Check out my first novel, midnight's simulacra!

Syncookies: Difference between revisions

From dankwiki
(Created page with 'DJB's page: http://cr.yp.to/syncookies.html')
 
No edit summary
Line 1: Line 1:
DJB's page: http://cr.yp.to/syncookies.html
DJB's page: http://cr.yp.to/syncookies.html
==Issues with DJB's Writeup==
* "SYN cookies 'do not allow to use TCP extensions' such as large windows. Reality: SYN cookies don't hurt TCP extensions. A connection saved by SYN cookies can't use large windows; but the same is true without SYN cookies, because the connection would have been destroyed."
** This is only true for machines expected to suffer SYNflood attacks.
** The usefulness of TCP Large Window Extensions means I disable SYNcookies on internal machines

Revision as of 01:47, 11 June 2009

DJB's page: http://cr.yp.to/syncookies.html

Issues with DJB's Writeup

  • "SYN cookies 'do not allow to use TCP extensions' such as large windows. Reality: SYN cookies don't hurt TCP extensions. A connection saved by SYN cookies can't use large windows; but the same is true without SYN cookies, because the connection would have been destroyed."
    • This is only true for machines expected to suffer SYNflood attacks.
    • The usefulness of TCP Large Window Extensions means I disable SYNcookies on internal machines
Retrieved from "https://nick-black.com/dankwiki/index.php?title=Syncookies&oldid=464"