please i want to know is (syn-cookie) differs from the hop count filtering(HCF) method in it’s duty?
if yes what is exactly the difference(except that HCF work with all types of packets)
i am not exactly can judge which method is best please if any one have an idea, please tell me
please i read about each for sooo much time, but i still need an advice, is using them together (for the purpose of countermeasure of TCP-syn flooding) is wise or well?????

thank you in advance for any any help
best regards

I haven't really studied these until today, but from the information I have gathered today they are in fact quite similar. Also it seems that the techniques would in fact work well together in my opionion. Major diffrence?

syn-cookie: Uses a timestamp and uses that to create a queue associated with the client, also provides an encrypted portion to ensure client integrity.

HFC: Uses hops(the distance from client to server) and basically creates a list of valid ip -> to hops to check against and filter out possible ip's that have been spoofed.

As far as you question reguarding using them together like I said they seem to work well together and both are great counter-measures however according to the information I gathered syn-cookie has been updated and replaced with tcpct which is a tcp extension and would probably be prefered over syn-cookie so you may want to research that as well.

commented: thank you for your huge attention,helpful information and clear sentances +2