Drawbacks
The use of SYN cookies does not break any protocol specifications, and therefore should be compatible with all TCP implementations. There are, however, two caveats that take effect when SYN cookies are in use. Firstly, the server is limited to only 8 unique MSS values, as that is all that can be encoded in 3 bits. Secondly, the server must reject all TCP options (such as large windows), because the server discards the SYN queue entry where that information would otherwise be stored.
While these restrictions necessarily lead to a sub-optimal experience, their effect is rarely noticed by clients. Furthermore, these restrictions need only apply when the server is under attack, and the connection would have otherwise been denied. In such a situation, the loss of a few of the more esoteric options in order to save the connection is usually a reasonable compromise. Version 2.6.26 of the Linux kernel added limited support of TCP options, by encoding them into the timestamp.
The newer TCP Cookie Transactions (TCPCT) standard is designed to overcome these shortcomings of SYN cookies and improve it on a couple of aspects. Unlike SYN cookies, TCPCT is a TCP extension and requires support from both endpoints.
Read more about this topic: SYN Cookies
Famous quotes containing the word drawbacks:
“France has neither winter nor summer nor morals—apart from these drawbacks it is a fine country.”
—Mark Twain [Samuel Langhorne Clemens] (1835–1910)