Andrew,
Yes, I noticed that my device is actually blocking the traffic by
implementing SYN Cookies and SYN Flood firewall rules. It was logged by
the system, but no SYN_Floods made it through.
Further inspecting the firewall, only 5 packets in over 20,000 were
dropped. Perhaps the SYN Flood setting is too sensitive for a series of
multiple DNS queries at the same time. The "block SYN Flood" setting is
pre-built by LEDE, so I'll have to review the rules as they pertain to
behavior with TCP DNS queries.
- KB3VWG
So not sure if your concern is primarily about the SYN flood or
something else, but the system tuning in SYN cookies is a great thing.
Essentially it's a challenge-response for the users to do the heavy
lifting before the host goes through the motions to set up a TCP flow
and consume resources. Essentially this limits the 3WS to completing
only for valid connections.
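
The challenge-response described above, as an added example that is not part of the thread or of LEDE's code: a simplified stateless SYN cookie in which the server stores nothing until the final ACK proves the client received the SYN-ACK. The cookie layout (6-bit time counter plus 26-bit HMAC), the key, the 64-second window and the addresses are assumptions made for illustration and are not the Linux kernel's exact encoding.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # assumption: a real host uses a random per-boot key
WINDOW = 64                       # assumption: seconds per time-counter step

def make_cookie(flow, client_isn, now):
    """Server ISN for the SYN-ACK: top 6 bits time counter, low 26 bits MAC."""
    counter = int(now) // WINDOW
    msg = repr(flow).encode() + struct.pack("!IQ", client_isn, counter)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return ((counter & 0x3F) << 26) | (int.from_bytes(mac[:4], "big") & 0x3FFFFFF)

def check_cookie(flow, client_isn, ack, now):
    """The final ACK must acknowledge cookie + 1 from this or the previous window."""
    cookie = struct.pack("!I", (ack - 1) & 0xFFFFFFFF)
    for age in (0, 1):
        t = now - age * WINDOW
        if t >= 0 and hmac.compare_digest(cookie, struct.pack("!I", make_cookie(flow, client_isn, t))):
            return True
    return False

class Listener:
    def __init__(self):
        self.established = set()  # the only per-connection state

    def on_syn(self, flow, client_isn, now):
        return make_cookie(flow, client_isn, now)  # nothing is stored for a bare SYN

    def on_ack(self, flow, seq, ack, now):
        # The client's ACK carries seq = client_isn + 1 and ack = server ISN + 1.
        if check_cookie(flow, (seq - 1) & 0xFFFFFFFF, ack, now):
            self.established.add(flow)
            return True
        return False

def demo(now=1000):
    srv = Listener()
    for i in range(1000):  # constructed flood: SYNs from sources that never reply
        srv.on_syn((f"198.51.100.{i % 250}", 1024 + i, "192.0.2.1", 53), i, now)
    after_flood = len(srv.established)
    flow, isn = ("203.0.113.7", 40000, "192.0.2.1", 53), 123456  # constructed client
    cookie = srv.on_syn(flow, isn, now)
    forged = srv.on_ack(flow, isn + 1, ((cookie ^ 1) + 1) & 0xFFFFFFFF, now)
    stale = srv.on_ack(flow, isn + 1, (cookie + 1) & 0xFFFFFFFF, now + 3 * WINDOW)
    valid = srv.on_ack(flow, isn + 1, (cookie + 1) & 0xFFFFFFFF, now + 1)
    return after_flood, forged, stale, valid, len(srv.established)
```

`demo()` returns the number of connections held after the flood, whether a forged, a stale and a valid ACK were accepted, and the final connection count.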