On Monday, 21 January 2002 11:00, christian.burri@synecta.ch wrote:
Don't worry about those log messages, it just means that there was a high amount of traffic (SYNs in particular) detected on port 80 and that therefore the server will send out SYN cookies. (...) This was designed to prevent spoofed SYNs from exhausting all resources on your server machine (by leaving tons of half-open connections).
I would recommend that you don't turn that off, but that's just my humble opinion.
If you have a really busy server, and your requests come from a busy proxy (aol.com, t-online.de), your syn-flood protection could deny legitimate users. But I agree with you that this setting is useful and should not be deactivated if you don't have a load-balancing cluster where the bottleneck is the public host.

I would investigate further with tools like tcpdump and look if there are only packets to port 80 with the syn-bit set. If the other system does not try to fully establish the connection, the kernel does its best to prevent a DoS attack.

I got messages from scanlogd that an ftp-server tries to port-scan me, and the first time I was about to shut down my machine, but it was myself who activated the yast online update, and the other server was responding very fast and sent me all needed files without large gaps.

If he tries to benchmark his system to see how many hits his webserver can support, this setting is probably not needed, but I would do this benchmark in a network not connected to other networks (esp. the internet) and switch this setting off for the duration of the benchmark.

Peter
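An added example, not part of the original messages: one way to do the tcpdump check described above is to count, per client, how many SYNs to port 80 were followed by the client's final handshake ACK. The sample capture text, the function names and the `min_syns` threshold are constructed assumptions; the parser expects the text format printed by `tcpdump -nn`.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn 'tcp port 80'` text output (not real traffic).
SAMPLE = """\
11:00:01.000001 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 100, win 64240, length 0
11:00:01.000090 IP 198.51.100.5.80 > 192.0.2.10.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
11:00:01.000300 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [.], ack 901, win 502, length 0
11:00:01.100000 IP 203.0.113.7.1025 > 198.51.100.5.80: Flags [S], seq 1, win 512, length 0
11:00:01.100100 IP 203.0.113.7.1026 > 198.51.100.5.80: Flags [S], seq 2, win 512, length 0
11:00:01.100200 IP 203.0.113.7.1027 > 198.51.100.5.80: Flags [S], seq 3, win 512, length 0
11:00:02.100000 IP 203.0.113.7.1025 > 198.51.100.5.80: Flags [S], seq 1, win 512, length 0
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]")

def handshake_stats(text, port=80):
    """Return {client_ip: (connections attempted, handshakes completed)}."""
    seen, pending = set(), set()          # flows are (client_ip, client_port)
    stats = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or int(m.group(4)) != port:
            continue                      # keep only client -> server packets
        ip, flags = m.group(1), m.group(5)
        flow = (ip, m.group(2))
        if flags == "S":                  # bare SYN opens a connection attempt
            if flow not in seen:          # a retransmitted SYN is not a new attempt
                seen.add(flow)
                pending.add(flow)
                stats[ip][0] += 1
        elif "." in flags and "S" not in flags and "R" not in flags and flow in pending:
            pending.discard(flow)         # client ACKed the SYN-ACK: fully established
            stats[ip][1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}

def half_open_sources(text, port=80, min_syns=3):
    """Clients that sent at least min_syns SYNs and never completed a handshake."""
    return sorted(ip for ip, (syns, done) in handshake_stats(text, port).items()
                  if syns >= min_syns and done == 0)

if __name__ == "__main__":
    print(handshake_stats(SAMPLE))
    print(half_open_sources(SAMPLE))
```

A busy proxy would show up with many attempts and a matching number of completed handshakes, which is what separates it from a source that only ever sends SYNs.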