Archivovaná správa #1308 diskusnej skupiny ecs-isp@2rosenthals.com predchádzajúca správa ?alšia správa spä? do zoznamu

Od: "Massimo S." <ecs-isp@2rosenthals.com> Celá hlavi?ka
Nedekódovaná správa
Hlavi?ka: DDOS attacks and tcp/ip SYNCOOKIE flag
Dátum: Wed, 4 Feb 2026 13:38:48 +0100
Komu: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi all,

to mitigate the effects of DDOS attacks (eg. the ones on port 80 and 443) it is
suggested to turn ON syncookie tcp/ip flag.

But i've realized that on eCS and AOS this parameter give a number of issues.

Clients start calling that images on websites do not load correctly or take
a lot of time to render/complete.

While i've also seen that turning ON this flag increase the instability
of the web server VM at the point that the entire OS can completely freeze
(this on eCS and AOS too).

The flag SYNATTACK seems to work properly instead, but SYNCOOKIE i guess
it's very bugged.


massimo
Prihlási?: Nap??a?, Súhrn, Index.
Odhlási?
Mail na ListMastera