Hello Everyone, I have 2 different suggestions about syn-cookies method which is used to block syn-flood attacks. Syn cookies bitwise image --------------------------------------------- T(5 bits) ---MSS(3 bits)-----H(24 bits) --------------------------------------------- So, 1- T value can be decreased to 2 bit which is already 5 bit.And hash value will be 27 bit. 2-Normally syn-cookies is activated when syn-list is fulled. At this point I suggest a hybrid system.Syn packages and eck packages which received to server will be counted, if the difference is bigger than a reference value syn-cookies will be activated. In other words syn-cookies mechanism will be in automatic control. Now I have two questions; 1-How can I invoke syn-cookies structure into Linux Kernel? 2-How can I know when syn-list is fulled? Thank you everyone, if you have any suggestions please let me know.