Mailing List ecs-isp@2rosenthals.com Archived Message #1309 previous message next message back to list

From: "Roderick Klein" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [eCS-ISP] DDOS attacks and tcp/ip SYNCOOKIE flag
Date: Wed, 4 Feb 2026 14:15:22 +0100
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Op 4-2-2026 om 13:38 schreef Massimo S.:
Hi all,

to mitigate the effects of DDOS attacks (eg. the ones on port 80 and 443) it is
suggested to turn ON syncookie tcp/ip flag.

But i've realized that on eCS and AOS this parameter give a number of issues.

Clients start calling that images on websites do not load correctly or take
a lot of time to render/complete.

While i've also seen that turning ON this flag increase the instability
of the web server VM at the point that the entire OS can completely freeze
(this on eCS and AOS too).

The flag SYNATTACK seems to work properly instead, but SYNCOOKIE i guess
it's very bugged.


When I worked at Mensys with the servers there was indeed one of the attack protection settings that will make your webserver less stable.

And since ArcaOS and eCS run the same version of the TCP/IP stack they are both having the same defect. I think it was syncookie indeed that caused is broken.

Roderick
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster