Hello,
Regarding the procps bug 520668 which was asking for the TCP SYN
cookies to be enabled by default, I've looked at the various emails
to and for.
While it does seem like it would be a good idea at times, there is not
a consensus that it is a good *default* Nothing about this bug would
cha
On Sat, 13 Feb 2010, Florian Weimer wrote:
> * Craig Small:
>
> > While initially skeptical, I can see that under high TCP loads having
> > some sort of connection is better than having no connection. Connections
> > with large windows will be dropped, but they would be anyhow.
>
> This argument
* Craig Small:
> While initially skeptical, I can see that under high TCP loads having
> some sort of connection is better than having no connection. Connections
> with large windows will be dropped, but they would be anyhow.
This argument ignores the non-attack overload case. Lack of window
sca
On Sat, 2010-02-13 at 16:08 +0100, Bastian Blank wrote:
> On Sun, Feb 14, 2010 at 12:42:09AM +1100, Craig Small wrote:
> > Before I make this change, I am emailling debian-devel for comments. I
> > am looking in particular for information about why it could be harmful
> > (if it is).
>
> You forgo
On Sun, Feb 14, 2010 at 00:42:09 +1100, Craig Small wrote:
> My proposal is to change sysctl.conf so by default it will have TCP SYN
> cookies ENABLED. Anyone is quite able to change this but the default is
> proposed to be enabled.
>
> Before I make this change, I am emailling debian-devel for
On Sun, Feb 14, 2010 at 12:42:09AM +1100, Craig Small wrote:
> Before I make this change, I am emailling debian-devel for comments. I
> am looking in particular for information about why it could be harmful
> (if it is).
You forgot to mail the maintainer of the package you change the
configuration
Hello,
There has been a bug opened for a while to enable TCP SYN cookies by
default. The current situation is /etc/sysctl.conf has this option, but
it is commented out.
The procps (sysctl.conf) bug is http://bugs.debian.org/520668 you may
also like to read the discussion about tcp(7) man page at
7 matches
Mail list logo
