On Sun, Jul 11, 2004 at 01:04:59PM +0200, Bastian Blank wrote: > On Sun, Jul 11, 2004 at 11:43:57AM +0200, Christoph Hellwig wrote: > > CONFIG_SYN_COOKIES > > > > Syn cookies are bad idea in these day's internet, no need to > > waste space for support. > > Err, you want to make any machine DoSable by SYN-floods? Please describe > why.
SYN floods are the least of your worries on today's internet -- a DDoS isn't protected against by SYN cookies. SYN cookies also prevent using large windows so reduce your performance on cases you actually care about. -- "Next the statesmen will invent cheap lies, putting the blame upon the nation that is attacked, and every man will be glad of those conscience-soothing falsities, and will diligently study them, and refuse to examine any refutations of them; and thus he will by and by convince himself that the war is just, and will thank God for the better sleep he enjoys after this process of grotesque self-deception." -- Mark Twain
