Comment 22 for bug 57091

Simon Iremonger (ubuntu-iremonger) wrote : Re: [Bug 57091] Re: proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense...

>> Ah, nice. I kinda expected a link to the package version in which it got fixed.

The silly thing is....
There is misinformation in the /etc/sysctl.conf now!

It says:-
"# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167)"
First of all that is incorrect as a blanket statement.
A connection 'saved by syncookies' used to not allow window scaling.
But, it always worked fine so long as there was not a synflood going on!

Secondly, it's completely wrong now, because newer kernel
   SynCookies will ALWAYS allow window scaling, regardless
   of syncookies having 'kicked in' or not!

That could do with just being removed.

--Simon
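
An added example, not part of the original comment or of any Ubuntu package: a small audit that reports the `net.ipv4.tcp_syncookies` value a sysctl.conf-style file would apply, the live value under `/proc/sys`, and whether the file still carries the window-scaling comment line quoted in the post. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for tcp_syncookies.

# Print the value the file would apply for net.ipv4.tcp_syncookies
# ("unset" when there is no uncommented assignment; the last one wins).
syncookies_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)           # sysctl also accepts net/ipv4/...
            if (key == "net.ipv4.tcp_syncookies") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Return 0 when the file still carries the window-scaling comment line.
has_window_scaling_comment() {
    grep -qiE '^[ 	]*#.*disables TCP Window Scaling' "$1"
}

# Print the running kernel value, or "unavailable" off Linux / in a sandbox.
live_value() {
    cat /proc/sys/net/ipv4/tcp_syncookies 2>/dev/null || echo "unavailable"
}

# Constructed sample file: the comment line is the one quoted in the post,
# the assignments are made up for the demonstration.
sample_conf() {
    cat <<'EOF'
# This disables TCP Window Scaling (http://lkml.org/lkml/2008/2/5/167)
#net.ipv4.tcp_syncookies=1
net.ipv4.tcp_syncookies = 1
EOF
}

audit() {
    echo "configured in $1: $(syncookies_value "$1")"
    echo "running kernel:   $(live_value)"
    if has_window_scaling_comment "$1"; then
        echo "note: $1 still carries the window-scaling comment"
    fi
}

tmp=$(mktemp); sample_conf > "$tmp"; audit "$tmp"; rm -f "$tmp"
```

To check a real host, call `audit /etc/sysctl.conf` instead of the temporary sample file.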