Comment 12 for bug 57091

Simon Iremonger (ubuntu-iremonger) wrote : Re: [Bug 57091] Re: proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense...

On Thu, 23 Oct 2008, KimOlsen wrote:
>> "...option causes the system to violate the TCP standard..."
> I do not think this is the case. If you check RFC4732 they list this as
> a possible way to help against DoS attacks.

> I also believe that window scaling is not affected, but large windows
> are. But accepting legit traffic without large windows is better than
> dropping the connections.
Note that, seemingly, as of Linux 2.6.26, TCP connections with "large windows" can now be accepted under SYN flood too! So even that no longer matters, seemingly...

> So if the implementation is an adaptive one that only use SYN
> cookies when under huge load, then I am all for this.
Yes, it is. Linux produces messages on the kernel log, to say "sending cookies" when this happens. I.e. SYN cookies do NOT come into play unless there is a high load of incoming connections.

I can understand that on some systems receiving a legitimately high number of connections, it may be necessary to increase net.ipv4.tcp_max_syn_backlog (or whatever it is, exactly) to avoid the use of cookies... but that *still* does not create any reason not to have set tcp_syncookies=1 !!

> At least in the server edition.
I don't see why the install CD type matters, myself... Any install can result in some use of TCP listening sockets somewhere! Also... that then means extra work to set up different sysctl settings based upon install disk...

But that's only my thoughts...

It would be good to get this sorted out properly... But I don't know what other information is needed. I guess the problem is not information... in this world of information overload ;-).

If the Ubuntu networking team don't want to change the setting, they don't want to change the setting... puzzling...

--Simon
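As an added example (not code from the bug thread or from Ubuntu), the following POSIX shell script checks the two sysctls the comment discusses from a sysctl-style config fragment, and summarises the kernel's "Sending cookies" messages per port so an admin can see where SYN cookies actually engaged and whether tcp_max_syn_backlog needs raising. The config fragments and log lines are constructed sample input; the exact log wording is assumed to match the current kernel message format.

```shell
#!/bin/sh
# Added example, not code from the bug thread. It does two things a defender
# would want: (1) read net.ipv4.tcp_syncookies / tcp_max_syn_backlog out of a
# sysctl-style config fragment, and (2) summarise the kernel's SYN-flood
# messages, since cookies only engage when the log says "Sending cookies".
# Assumption: the log wording below matches the kernel's current message
# ("Possible SYN flooding on port N. Sending cookies. Check SNMP counters.").

# Constructed config fragments: the weak setting beside the corrected one.
WEAK_CONF='net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 128'
FIXED_CONF='net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096'

# Constructed kernel log lines (syslog format) for the parser below.
SAMPLE_LOG='Oct 23 10:01:02 host kernel: TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
Oct 23 10:01:09 host kernel: TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
Oct 23 10:02:41 host kernel: TCP: Possible SYN flooding on port 443. Sending cookies. Check SNMP counters.
Oct 23 10:03:00 host kernel: TCP: Possible SYN flooding on port 22. Dropping request. Check SNMP counters.
Oct 23 10:03:05 host kernel: eth0: link up'

# conf_value KEY: print the numeric value of KEY from a config fragment on stdin.
conf_value() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# Exit 0 when the fragment on stdin enables SYN cookies, 1 otherwise.
syncookies_enabled() {
  [ "$(conf_value net.ipv4.tcp_syncookies)" = "1" ]
}

# Same check against the running kernel (needs procps sysctl; not run by the demo).
live_syncookies_enabled() {
  [ "$(sysctl -n net.ipv4.tcp_syncookies 2>/dev/null)" = "1" ]
}

# Count log lines (stdin) where the kernel actually switched to cookies.
cookie_events() {
  grep -c 'Possible SYN flooding on port [0-9]*\. Sending cookies' || true
}

# Per-port summary of SYN-flood messages (stdin): "PORT COUNT ACTION".
# A port that shows up repeatedly is where tcp_max_syn_backlog may need raising.
syn_flood_summary() {
  sed -n 's/.*Possible SYN flooding on port \([0-9]*\)\. \([A-Za-z ]*\)\..*/\1 \2/p' \
    | sort | uniq -c | awk '{ printf "%s %d %s %s\n", $2, $1, $3, $4 }'
}

# Demo on the constructed input.
printf '%s\n' "$WEAK_CONF" | syncookies_enabled || echo "weak config: SYN cookies disabled"
printf '%s\n' "$FIXED_CONF" | syncookies_enabled && echo "fixed config: SYN cookies enabled"
echo "cookie events in sample log: $(printf '%s\n' "$SAMPLE_LOG" | cookie_events)"
printf '%s\n' "$SAMPLE_LOG" | syn_flood_summary
```

To run the same checks on a real host, feed `sysctl -a` output to `conf_value` and `dmesg` or the kernel log file to `syn_flood_summary`.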