Andrew Brown writes:
> >> solaris 2.3 and 2.4 had something called tcp_eager_listeners which was
> >> (i believe) implemented as a system-wide setting to affect tcp
> >> connections.  what it did was cause the accept() call to return after
> >> receipt of the initial syn packet, not after the entire three-way
> >> handshake had completed.
> >
> >Great. That will make SYN attacks even more effective at crippling
> >machines.
> 
> well...even if you put it in your kernel, you wouldn't have to use it,
> would you?

No, but I generally don't hand people loaded guns that will only fire
at their own feet...

> besides, maybe it's not for everyone (certainly not you, it would
> seem).  i just thought it would be fun to do, that's all.  can you
> blame me for wanting to learn and experiment?

No, I can't blame you for wanting to learn, but I could blame you for
suggesting we actually add it. :)

Perry

PS don't take it too hard -- I'm not trying to attack you...