FengYue wrote:
>
> Hi, I know this is an old topic but I don't seem to find answers
> to my questions in the mailing list archives.
>
> I'm wondering why FreeBSD did not implement the SYN cookies method
> that is currently implemented in Linux? To my best understanding,
> SYN cookie seems to be a better method against SYN flood than
> the random drop method. It seems both OpenBSD and FreeBSD have
> implemented the random drop method. I guess there must be some
> "bad things" about SYN cookies that I don't know about.

A quick search of the net, hackers, and security mail lists turned
up a number of hits for "syn cookie", including several with URL
references to weaknesses in the scheme.

http://www.FreeBSD.org/cgi/search.cgi?words=syn+cookie&max=50&sort=score&source=freebsd-security&source=freebsd-hackers&source=freebsd-net

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
[EMAIL PROTECTED] http://softweyr.com/