What are Syn Cookies and how are they used? 

I don't understand how your magic pen works but...Great video!

Nice video. Well explained, and I like that you gave info on the hashing that its doing to check the connection. It seems to me that this is basically helping out the limitation of the TCP stack, knowing that it only has 64k ish of available ports. By doing doing the hashing, well, SYN cookie, you will then be needing to store that somewhere ready for the return connection if it comes. But wherever you are placing that hash, an array etc, won't have the same 64k limitation that the TCP stack has. I would also guess that the array the SYN cookies live inside will have a timeout, basically whatever threshold you have on the t variable. After that, it bins it off anyway.

Woah! He is writing in reverse.

To make sure I understand...when using a DoS mitigation appliance, or firewall with syn cookies enabled, is the initial SYN NOT sent to the server? In other words, the appliance sends the SYN ACK, and awaits an acknowledgement before setting up the session with the server. So the server never knows about the request until the firewall completes the 3-way handshake?

Thanks for the great explanation! Really needed it

Thank you very much, this was very helpful. I hope you make a video about SYN Cache too.

In 3:05, it should be Acknowledgement Number - 1 (instead of Sequence Number ) of the ACK packet. Great video, indeed. Thanks.

very clear explanation .Thanks

Nice explanation

Thanks for the clear explanation

Very clear

Obrigado!

thanks!