In light of the recently published article on Quick Blind TCP Connection Spoofing with SYN Cookies, I wanted to see what operating systems and distributions have Syncookies enabled by default.

Distribution | Sysctl | Default |
---|---|---|
Ubuntu Linux 12.04 | net.ipv4.tcp_syncookies | On |
Debian Linux 6 | net.ipv4.tcp_syncookies | Off |
Debian Linux 7 | net.ipv4.tcp_syncookies | On |
CentOS 5 | net.ipv4.tcp_syncookies | On |
CentOS 6 | net.ipv4.tcp_syncookies | On |
FreeBSD 8 | net.ipv4.tcp_syncookies | On |
Solaris 10 | Not Implemented | Off |
OpenBSD 5.3 | Not Implemented | Off |

I'm not sure that turning off Syncookies is the best idea, due to the potential DoS effects from disabling them – applications should use something besides IP addresses for authentication.
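
To repeat this check on a Linux host, the script below (an added example, not part of the original post) compares the runtime value of `net.ipv4.tcp_syncookies` with the value the sysctl configuration files would apply at the next boot. The `ROOT` argument, the function names and the simplified file precedence (sysctl.d files in lexical order, then sysctl.conf) are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the runtime SYN cookie setting with the persistent one.
# ROOT (first argument) is a hypothetical parameter of this example: a path
# prefix, so the audit can run against a mounted image or a constructed tree.
KEY='net.ipv4.tcp_syncookies'

# Print the last value assigned to $KEY in the given files (later files win).
persistent_value() {
    cat "$@" 2>/dev/null |
        sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]//g' |
        awk -F= -v k="$KEY" '
            { sub(/^-/, "", $1); gsub("/", ".", $1) }  # "-key" and a/b/c forms
            $1 == k { v = $2 }
            END { if (v != "") print v }'
}

# Returns 0 if consistent, 1 if runtime and persistent values differ,
# 2 if the runtime value cannot be read (not Linux, or no /proc).
audit_syncookies() {
    root="${1:-}"
    runtime=$(cat "$root/proc/sys/net/ipv4/tcp_syncookies" 2>/dev/null) || runtime=''
    # Assumed, simplified precedence: sysctl.d in lexical order, then sysctl.conf.
    persistent=$(persistent_value "$root"/etc/sysctl.d/*.conf "$root/etc/sysctl.conf")
    case "$runtime" in
        0) state='off' ;;
        1) state='on-overflow' ;;   # cookies sent only when the SYN backlog is full
        2) state='always' ;;        # cookies sent for every SYN
        *) state='unknown' ;;
    esac
    echo "runtime=${runtime:-unset} persistent=${persistent:-unset} state=$state"
    [ -n "$runtime" ] || return 2
    [ -z "$persistent" ] || [ "$persistent" = "$runtime" ] || return 1
    return 0
}
# Usage on a live host: audit_syncookies ""
```

A return code of 1 means the running kernel and the configuration files disagree, so the setting will change on reboot.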