From owner-freebsd-questions Thu Oct 19 9:27:25 2000 Delivered-To: freebsd-questions@freebsd.org Received: from malkav.snowmoon.com (ip-208-20-126-237.cdcsd.k12.ny.us [208.20.126.237]) by hub.freebsd.org (Postfix) with SMTP id 2D1F337B4CF for ; Thu, 19 Oct 2000 09:27:23 -0700 (PDT) Received: (qmail 53314 invoked by uid 1003); 19 Oct 2000 16:27:00 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 19 Oct 2000 16:27:00 -0000 Date: Thu, 19 Oct 2000 12:27:00 -0400 (EDT) From: "Marius M. Rex" To: freeBSD-questions@FreeBSD.org Subject: TCP-ack traffic Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I heard somewhere recently that Yahoo had come up with a modification to FreeBSD to help protect against DOS attacks. It waits until the first true byte of actual data comes through before opening a path to it's services. Is this code available, and where so? I also heard say that it was ported over to a Linux kernel patch. Basically at my company we have clustered webservers. Some clusters serve images, others static pages, others handle databse calls, etc. We have recently had some problems where one server in a cluster gets a request, spawns a bunch of child processes for Apache to server the requests, but then gets no data for a significant amount of time. (say 30 seconds) That leaves the server that is trying to serve those requests crunching processor time for no reason, and other servers sitting around and doing nothing. Webservers end up acting non-responcive, and my beeper goes off. (You see where my priorities lie, don't-cha?) Looking at the numbers, I think this happens to to our linux boxes more then our FreeBSD boxes. (We have more linux boxes then FreeBSD. We use FreeBSD for the -heavy- traffic servers, and linux for everything else.) It may be that we just have so many more linux boxes that then numbers are obviously skewed. Or perhaps this modification has just been added to the FreeBSd code? (I am tracking stable) Unfortunately I am working on rumors. If any of my babbling rings a bell for someone, could they please point me to more info? I also want to track down that Linux kernel patch, if I can. ------------------------------------------------------------------------- Marius M. Rex "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." -- The Mahabharata To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message