Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 9 Oct 2002 08:24:54 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 9 Oct 2002 08:24:54 -0400 Received: from host213-121-105-39.in-addr.btopenworld.com ([213.121.105.39]:6802 "EHLO mail.dark.lan") by vger.kernel.org with ESMTP id ; Wed, 9 Oct 2002 08:24:53 -0400 Subject: Re: [patch] tcp connection tracking 2.4.19 From: Gianni Tedesco To: Roberto Nibali Cc: Martin Renold , linux-kernel@vger.kernel.org In-Reply-To: <3DA348EF.7060709@drugphish.ch> References: <20021008205053.GA2621@old.homeip.net> <3DA348EF.7060709@drugphish.ch> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-ngVJRBBZ8jPe0UHP9+ml" Organization: Message-Id: <1034166655.30384.13.camel@lemsip> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.1.1.99 (Preview Release) Date: 09 Oct 2002 13:30:55 +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1519 Lines: 45 --=-ngVJRBBZ8jPe0UHP9+ml Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2002-10-08 at 22:06, Roberto Nibali wrote: > Welcome to the world of almost-stateful packet filtering. Hey, other=20 > than that, the 3wahas 'exploit' is old. Also don't I understand why they=20 > claim that SYN cookies prevent syn flooding. Next time you meet someone=20 > of the guys, tell them about the backlog queue. >=20 "When syncookies are enabled the packets are still answered and this value [tcp_max_syn_backlog] is effectively ignored." -- From tcp(7) manpage. The whole point of syncookies is to negate the need for a backlog queue. Or did I miss your point? --=20 // Gianni Tedesco (gianni at ecsc dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D --=-ngVJRBBZ8jPe0UHP9+ml Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA9pCF/kbV2aYZGvn0RAmmLAJ9x//QrNXuDU57xrvKfUdHa6bT/aQCePVbh AsK2Cvm0GgTjI6oyd3NL2b8= =Nq9t -----END PGP SIGNATURE----- --=-ngVJRBBZ8jPe0UHP9+ml-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/