Os cookies SYN estão desativados por padrão. Essa deve ser uma indicação razoável do que você deve fazer, sem conhecimento específico em contrário. Mais especificamente, tcp
(7) diz :
The syncookies feature attempts to protect a socket from a SYN flood attack. This should be used as a last resort, if at all. This is a violation of the TCP protocol, and conflicts with other areas of TCP such as TCP extensions. It can cause problems for clients and relays. It is not recommended as a tuning mechanism for heavily loaded servers to help with overloaded or misconfigured conditions.