So I have ubuntu 12.04 x32 in a VM with syncookies turned off. I tried to do a syn flood (with netwox) on 3 different processes. Each of them returns a different value with netstat -na | grep -c RECV :
nc -l 5555 returns 16 (netcat-traditional) apache2 port 80 returns 256 vsftpd on 21 returns 64. net.ipv4.tcp_max_syn_backlog is 512. Why do these different processes on different ports have different queue lengths for incomplete connections? Where exactly in the kernel is this decided?
