On Mon, Jan 08, 2007 at 03:19:47PM +0100, Andi Kleen wrote:

Hi,

> > Since you wrote much of the text of tcp.7, I thought it might be best to
> > consult you.
> >
> > Would you be willing to take a look at the patch proposed here, and comment?
> >
> > For the full thread, see:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=253588
>
> I don't think such a detailed discussion fits into the manpage. It drowns
> the other information and doesn't fit.
>
> If you want to change anything just say that syncookies are deprecated and
> shouldn't
> be used anymore.

It's been two weeks and no actual arguments were voiced for or against my
proposed patch.

tcp.7 contains bad FUD about syncookies, which is a disgrace. Nothing shipped
by Debian should contain FUD.

See the wikipedia article at http://en.wikipedia.org/wiki/Syncookies which
also says that 'The use of SYN Cookies does not break any protocol
specifications, and therefore should be compatible with all TCP
implementations.'

This is actually a well-known fact in the security community, which makes the
presence of the FUD in tcp.7 all the more appalling.

If you have any more technical concerns, I can refer you to peer-reviewed
papers that deal with anti-synflood mechanisms. You won't find any that
support the view that '[syncookies are] a violation of the TCP protocol.' No
arguments have been brought forth to support this view in this thread either.

Please, remove the FUD. I'd be happy to help, so if you don't like my proposed
text, tell me how it should be different (e.g. shorter); but let's not wait
another three years, shall we?

Andras

--
Andras Korn <korn at chardonnay.math.bme.hu>
<http://chardonnay.math.bme.hu/~korn/>
QOTD: My software never has bugs. It just develops random features.