On Tue, 2003-03-11 at 14:40, Henrik Nordstrom wrote:
> > In fact for one of our clients just putting squid in front of their
> > servers and enabling syncookies allowed them to operate through a
> > synflood attack which until then had crippled their windows servers.
> > This is a great advantage to the current model :)
>
> Which is a very different story from the case of SYN flood protecting in
> a transparent proxy with deferred client accepts until the server
> connection have been established..
My point was that perhaps it is better to keep syncookies and break
end-to-end, after all we can do that today :)
-- // Gianni Tedesco (gianni at scaramanga dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:32 MST