From: "Roderick Klein" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 640134 for ecs-isp@2rosenthals.com; Wed, 04 Feb 2026 08:15:29 -0500
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:60882 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <roderickklein@xs4all.nl>)
	id 1vncj9-000000000oP-1cRf
	for ecs-isp@2rosenthals.com;
	Wed, 04 Feb 2026 08:15:28 -0500
Received: from ewsoutbound.kpnmail.nl ([195.121.94.184]:38551)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <roderickklein@xs4all.nl>)
	id 1vncj6-000000005wg-1Urs
	for ecs-isp@2rosenthals.com;
	Wed, 04 Feb 2026 08:15:25 -0500
X-KPN-MessageId: 9040142c-01cb-11f1-afc9-005056994fde
Received: from smtp.kpnmail.nl (unknown [10.31.155.8])
	by ewsoutbound.so.kpn.org (Halon) with ESMTPS
	id 9040142c-01cb-11f1-afc9-005056994fde;
	Wed, 04 Feb 2026 14:15:23 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=xs4all.nl; s=xs4all01;
	h=content-type:from:to:subject:mime-version:date:message-id;
	bh=+KfS9BjjiovtLMrWqMi0wTopQnzL0tUBlySNYR/EtjM=;
	b=K1twzWxQOMUxMywUvwLX4rbUdepC6cNRvS5+L3PLbwBfHSLUPH3LeACylaGbWRNmFl32CMxGVBJC4
	 GHY1MEWgCz6tv8HGDy8gW237vDFS6x57+Zi4fSxxeLZInmrchqE/WW8FEMgJTAB3ZJxTLhBpKpxUzW
	 lYAa0DOtwvBaPwsvoJ2FZoJ1VQ2XFO82ooT/GLl7GHQGnhnTwroJHnKaPXvjtUgCgbi53o5aqgozMP
	 Sq9cjTaOz8qu9vHpa+ecQ2g8sg8hVAFaNn0jVChg5YrBzw6wsiDFVstvj9B0C2NCqTW1TkjTsxNkww
	 EA6IuwI8EmEKyLEoG5F6tWlm212QFGw==
X-KPN-MID: 33|V5gCDxXuqZMmnItIDL3fjrffSo40q+bfh547UZUh/K7JeJkuzAUq2XmV+SRkD/Z
 66+ymhWJQYidHEfQ0l7USlCrE6cS6fvkOIQQ1rmo4MPg=
X-KPN-VerifiedSender: Yes
X-CMASSUN: 33|JTI0nO2WuU7acXso4Lro8KaXhFpLwjGhBot5rstQ7th9F/dO6kF2izBYWRpnUMR
 Eorx8k609p3ppOorJyF+7NA==
X-Originating-IP: 45.138.54.154
Received: from [192.168.243.144] (smcc.connected.by.freedominter.net [45.138.54.154])
	by smtp.xs4all.nl (Halon) with ESMTPSA
	id 900416f0-01cb-11f1-9bfa-00505699d6e5;
	Wed, 04 Feb 2026 14:15:23 +0100 (CET)
Message-ID: <2864e03b-ae08-4d87-be80-258d5f810e55@xs4all.nl>
Date: Wed, 4 Feb 2026 14:15:22 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [eCS-ISP] DDOS attacks and tcp/ip SYNCOOKIE flag
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-640102@2rosenthals.com>
Content-Language: nl
In-Reply-To: <list-640102@2rosenthals.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Op 4-2-2026 om 13:38 schreef Massimo S.:
> Hi all,
>
> to mitigate the effects of DDOS attacks (eg. the ones on port 80 and 
> 443) it is
> suggested to turn ON syncookie tcp/ip flag.
>
> But i've realized that on eCS and AOS this parameter give a number of 
> issues.
>
> Clients start calling that images on websites do not load correctly or 
> take
> a lot of time to render/complete.
>
> While i've also seen that turning ON this flag increase the instability
> of the web server VM at the point that the entire OS can completely 
> freeze
> (this on eCS and AOS too).
>
> The flag SYNATTACK seems to work properly instead, but SYNCOOKIE i guess
> it's very bugged.


When I worked at Mensys with the servers there was indeed one of the 
attack protection settings that will make your webserver less stable.

And since ArcaOS and eCS run the same version of the TCP/IP stack they 
are both having the same defect. I think it was syncookie indeed that 
caused is broken.

Roderick