Bug#520668:

2010-11-15 Thread Olaf van der Spek
> Anything new here? I think upstream changed the default, but I'm not sure in what version. Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#520668: procps: Enable syn cookies by default

2010-03-05 Thread Christoph Anton Mitterer
Anything new here? I think the article you've linked to in sysctl.conf (http://lwn.net/Articles/277146/) can be seen as encouragement to enable syncookies, or not? It already says that they're only activated if the system runs into trouble, and then it's still better to have "limited connections" (

Bug#520668: TCP SYN cookies

2010-02-17 Thread Craig Small
Hello, Regarding the procps bug 520668 which was asking for the TCP SYN cookies to be enabled by default, I've looked at the various emails to and fro. While it does seem like it would be a good idea at times, there is not a consensus that it is a good *default*. Nothing about this bug

Bug#520668: TCP SYN cookies and Bug #520668

2010-02-13 Thread Peter Palfrader
On Sat, 13 Feb 2010, Florian Weimer wrote: > * Craig Small: > > > While initially skeptical, I can see that under high TCP loads having > > some sort of connection is better than having no connection. Connections > > with large windows will be dropped, but they would be anyhow. > > This argument

Bug#520668: TCP SYN cookies and Bug #520668

2010-02-13 Thread Florian Weimer
* Craig Small: > While initially skeptical, I can see that under high TCP loads having > some sort of connection is better than having no connection. Connections > with large windows will be dropped, but they would be anyhow. This argument ignores the non-attack overload case. Lack of window sca

Bug#520668: TCP SYN cookies and Bug #520668

2010-02-13 Thread Ben Hutchings
On Sat, 2010-02-13 at 16:08 +0100, Bastian Blank wrote: > On Sun, Feb 14, 2010 at 12:42:09AM +1100, Craig Small wrote: > > Before I make this change, I am emailing debian-devel for comments. I > > am looking in particular for information about why it could be harmful > > (if it is). > > You forgo

Bug#520668: TCP SYN cookies and Bug #520668

2010-02-13 Thread Julien Cristau
On Sun, Feb 14, 2010 at 00:42:09 +1100, Craig Small wrote: > My proposal is to change sysctl.conf so by default it will have TCP SYN > cookies ENABLED. Anyone is quite able to change this but the default is > proposed to be enabled. > > Before I make this change, I am emailing debian-devel for

Bug#520668: TCP SYN cookies and Bug #520668

2010-02-13 Thread Bastian Blank
On Sun, Feb 14, 2010 at 12:42:09AM +1100, Craig Small wrote: > Before I make this change, I am emailing debian-devel for comments. I > am looking in particular for information about why it could be harmful > (if it is). You forgot to mail the maintainer of the package you change the configuration

Bug#520668: TCP SYN cookies and Bug #520668

2010-02-13 Thread Craig Small
Hello, There has been a bug opened for a while to enable TCP SYN cookies by default. The current situation is /etc/sysctl.conf has this option, but it is commented out. The procps (sysctl.conf) bug is http://bugs.debian.org/520668; you may also like to read the discussion about tcp(7) man page at

Bug#520668: procps: Enable syn cookies by default

2009-12-03 Thread Olaf van der Spek
On Thu, Dec 3, 2009 at 11:20 PM, Craig Small wrote: > On Thu, Dec 03, 2009 at 12:26:50PM +0100, Olaf van der Spek wrote: >> On Tue, May 26, 2009 at 7:04 PM, Olaf van der Spek >> wrote: >> >> I'll have to go searching now for the reasons why it wasn't enabled. >> > >> > Hi Craig, >> > >> > Found a

Bug#520668: procps: Enable syn cookies by default

2009-12-03 Thread Craig Small
On Thu, Dec 03, 2009 at 12:26:50PM +0100, Olaf van der Spek wrote: > On Tue, May 26, 2009 at 7:04 PM, Olaf van der Spek > wrote: > >> I'll have to go searching now for the reasons why it wasn't enabled. > > > > Hi Craig, > > > > Found any? > > Anybody home? Yes and the answer is no. > > > --

Bug#520668: procps: Enable syn cookies by default

2009-12-03 Thread Olaf van der Spek
On Tue, May 26, 2009 at 7:04 PM, Olaf van der Spek wrote: >> I'll have to go searching now for the reasons why it wasn't enabled. > > Hi Craig, > > Found any? Anybody home?

Bug#520668: Ubuntu issue

2009-09-28 Thread Olaf van der Spek
Craig Small wrote: On Sat, Sep 26, 2009 at 02:56:49PM +0200, Olaf van der Spek wrote: Not sure about what? They have enabled cookies by default... Not sure it is a good idea. Yes they have enabled them but it's not an overwhelming yes. True, but what arguments against remain? This isn't a po

Bug#520668: Ubuntu issue

2009-09-27 Thread Craig Small
On Sat, Sep 26, 2009 at 02:56:49PM +0200, Olaf van der Spek wrote: > Not sure about what? > They have enabled cookies by default... Not sure it is a good idea. Yes they have enabled them but it's not an overwhelming yes. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5A

Bug#520668: Ubuntu issue

2009-09-26 Thread Olaf van der Spek
Craig Small wrote: On Fri, Sep 25, 2009 at 10:24:01AM +0200, Olaf van der Spek wrote: https://bugs.launchpad.net/ubuntu/+bug/57091 Seems a bit more insightful, but they're not really sure either. Not sure about what? They have enabled cookies by default... Olaf

Bug#520668: Ubuntu issue

2009-09-26 Thread Craig Small
On Fri, Sep 25, 2009 at 10:24:01AM +0200, Olaf van der Spek wrote: > https://bugs.launchpad.net/ubuntu/+bug/57091 Seems a bit more insightful, but they're not really sure either. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 http://www.enc.com.au/

Bug#520668: Ubuntu issue

2009-09-25 Thread Olaf van der Spek
https://bugs.launchpad.net/ubuntu/+bug/57091

Bug#520668: syncookies must not be enabled by default

2009-09-21 Thread Olaf van der Spek
> With my kernel hat on: > TCP syncookies _must not_ be enabled by default. This setting is able > to produce serious degradation of services. Why? I assume you've read my (counter) arguments above. Olaf

Bug#520668: syncookies must not be enabled by default

2009-09-10 Thread Bastian Blank
With my kernel hat on: TCP syncookies _must not_ be enabled by default. This setting is able to produce serious degradation of services. Bastian -- There is an order of things in this universe. -- Apollo, "Who Mourns for Adonais?" stardate 3468.1

Bug#520668: procps: Enable syn cookies by default

2009-09-02 Thread Olaf van der Spek
Craig Small wrote: On Tue, Aug 25, 2009 at 09:32:10PM +0200, Christoph Anton Mitterer wrote: I think the best way would be if you (or someone else) could start a new discussion on this,.. either on lkml, or debian-devel,... perhaps there are some experts who can give a definite answer about the

Bug#520668: procps: Enable syn cookies by default

2009-08-25 Thread Craig Small
On Tue, Aug 25, 2009 at 09:32:10PM +0200, Christoph Anton Mitterer wrote: > I think the best way would be if you (or someone else) could start a new > discussion on this,.. either on lkml, or debian-devel,... perhaps there > are some experts who can give a definite answer about the "best" > settin

Bug#520668: procps: Enable syn cookies by default

2009-08-25 Thread Olaf van der Spek
Christoph Anton Mitterer wrote: On Tue, 2009-08-25 at 19:36 +0200, Olaf van der Spek wrote: No, and I didn't receive your email either. :( What do you mean? I haven't put you on CC before... Maybe that's why. I think the best way would be if you (or someone else) could start a new discussio

Bug#520668: procps: Enable syn cookies by default

2009-08-25 Thread Christoph Anton Mitterer
On Tue, 2009-08-25 at 15:15 +1000, Craig Small wrote: > If there is no real sway the other way (ie to enable the syncookies) I > will close this bug. Maybe starting an experts-discussion on this (as suggested just before) could help. Anyway,.. as I wrote you in my last email,... a more detailed con

Bug#520668: procps: Enable syn cookies by default

2009-08-25 Thread Christoph Anton Mitterer
On Tue, 2009-08-25 at 19:36 +0200, Olaf van der Spek wrote: > No, and I didn't receive your email either. :( What do you mean? I haven't put you on CC before... > My previous argument still holds: > > AFAIK syn cookies only get sent when the half-open TCP connection > queue is full. So stuff li

Bug#520668: procps: Enable syn cookies by default

2009-08-25 Thread Olaf van der Spek
> btw: Olaf, have you read http://lkml.org/lkml/2008/2/5/167 ? No, and I didn't receive your email either. :( My previous argument still holds: > AFAIK syn cookies only get sent when the half-open TCP connection queue is full. So stuff like window scaling should work fine in normal situations.

Bug#520668: procps: Enable syn cookies by default

2009-08-24 Thread Craig Small
On Thu, Aug 13, 2009 at 11:56:02PM +0200, Christoph Anton Mitterer wrote: > Anything new here? > > btw: Olaf, have you read http://lkml.org/lkml/2008/2/5/167 ? That thread is arguing for syncookies to be turned off, not on (or rather the patch not be included). While there seems to be little cons

Bug#520668: procps: Enable syn cookies by default

2009-08-13 Thread Christoph Anton Mitterer
Hi. Anything new here? btw: Olaf, have you read http://lkml.org/lkml/2008/2/5/167 ? Chris.

Bug#520668: procps: Enable syn cookies by default

2009-05-26 Thread Olaf van der Spek
On Tue, Mar 24, 2009 at 7:00 AM, Craig Small wrote: > On Sat, Mar 21, 2009 at 08:08:40PM +0100, Olaf van der Spek wrote: >> Could syn cookies be enabled by default? >> >> AFAIK syn cookies only get sent when the half-open TCP connection queue is >> full. So stuff like window scaling should work f

Bug#520668: procps: Enable syn cookies by default

2009-03-23 Thread Craig Small
On Sat, Mar 21, 2009 at 08:08:40PM +0100, Olaf van der Spek wrote: > Could syn cookies be enabled by default? > > AFAIK syn cookies only get sent when the half-open TCP connection queue is > full. So stuff like window scaling should work fine in normal situations. I thought there was a reason why

Bug#520668: procps: Enable syn cookies by default

2009-03-21 Thread Olaf van der Spek
Package: procps Version: 1:3.2.7-11 Severity: wishlist Hi, Could syn cookies be enabled by default? AFAIK syn cookies only get sent when the half-open TCP connection queue is full. So stuff like window scaling should work fine in normal situations. Greetings, Olaf # Uncomment the next line t