On Fri, Mar 07, 2003 at 08:22:49AM +0000, Kamal R Prasad wrote:

> Im looking at providing a fix for a DDoS wherein the attacker uses many
> machines to attack a system. note that an attack involves sending something
> like a flood of SYNs and not responding to the SYN ACK

Ah, that thing ;-)

You don't run out of interrupts with that. You might run out of memory for
the syn cache.

Could someone please remind me why the syn-cookie aproach was considered bad?

Martin