|
|
@@ -303,7 +303,7 @@ config ARPD
|
|
|
If unsure, say N.
|
|
|
|
|
|
config SYN_COOKIES
|
|
|
- bool "IP: TCP syncookie support (disabled per default)"
|
|
|
+ bool "IP: TCP syncookie support"
|
|
|
---help---
|
|
|
Normal TCP/IP networking is open to an attack known as "SYN
|
|
|
flooding". This denial-of-service attack prevents legitimate remote
|
|
|
@@ -328,13 +328,13 @@ config SYN_COOKIES
|
|
|
server is really overloaded. If this happens frequently better turn
|
|
|
them off.
|
|
|
|
|
|
- If you say Y here, note that SYN cookies aren't enabled by default;
|
|
|
- you can enable them by saying Y to "/proc file system support" and
|
|
|
+ If you say Y here, you can disable SYN cookies at run time by
|
|
|
+ saying Y to "/proc file system support" and
|
|
|
"Sysctl support" below and executing the command
|
|
|
|
|
|
- echo 1 >/proc/sys/net/ipv4/tcp_syncookies
|
|
|
+ echo 0 > /proc/sys/net/ipv4/tcp_syncookies
|
|
|
|
|
|
- at boot time after the /proc file system has been mounted.
|
|
|
+ after the /proc file system has been mounted.
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
Florian Westphal