Re: [eCS-ISP] DDOS attacks and tcp/ip SYNCOOKIE flag
Date:
Wed, 04 Feb 2026 21:30:07 +0800 (AWS)
To:
"Massimo S." <ecs-isp@2rosenthals.com>
Hi Massimo,
> to mitigate the effects of DDOS attacks (eg. the ones on port 80 and 443) it is
> suggested to turn ON syncookie tcp/ip flag.
syncookie is broken on OS/2's implementation, do not turn it on.
Cheers
Ian Manners
> But i've realized that on eCS and AOS this parameter give a number of issues.
>
> Clients start calling that images on websites do not load correctly or take
> a lot of time to render/complete.
>
> While i've also seen that turning ON this flag increase the instability
> of the web server VM at the point that the entire OS can completely freeze
> (this on eCS and AOS too).
>
> The flag SYNATTACK seems to work properly instead, but SYNCOOKIE i guess
> it's very bugged.
>
>
> massimo
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> This message is sent to you because you are subscribed to
> the mailing list <ecs-isp@2rosenthals.com>.
> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
> Send administrative queries to <ecs-isp-request@2rosenthals.com>
> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
> Web archives are publicly available at: http://lists.2rosenthals.com
>
> This list is hosted by Rosenthal & Rosenthal, LLC
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
back to list