Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Oct 2000 12:27:00 -0400 (EDT)
From:      "Marius M. Rex" <marius@malkav.snowmoon.com>
To:        freeBSD-questions@FreeBSD.org
Subject:   TCP-ack traffic
Message-ID:  <Pine.BSF.4.21.0010191203580.53286-100000@malkav.snowmoon.com>
next in thread | raw e-mail | index | archive | help 

I heard somewhere recently that Yahoo had come up with a modification to
FreeBSD to help protect against DOS attacks.  It waits until the first
true byte of actual data comes through before opening a path to it's
services.  Is this code available, and where so?  I also heard say that it
was ported over to a Linux kernel patch.   

Basically at my company we have clustered webservers.  Some clusters serve
images, others static pages, others handle databse calls, etc.  We have
recently had some problems where one server in a cluster gets a request,
spawns a bunch of child processes for Apache to server the requests, but
then gets no data for a significant amount of time. (say 30
seconds)   That leaves the server that is trying to serve those requests
crunching processor time for no reason, and other servers sitting around
and doing nothing.  Webservers end up acting non-responcive, and my beeper
goes off.  (You see where my priorities lie, don't-cha?)

	Looking at the numbers, I think this happens to to our linux boxes
more then our FreeBSD boxes.  (We have more linux boxes then FreeBSD.  We
use FreeBSD for the -heavy- traffic servers, and linux for everything
else.)  It may be that we just have so many more linux boxes that then
numbers are obviously skewed.  Or perhaps this modification has just been 
added to the FreeBSd code?  (I am tracking stable)    
	Unfortunately I am working on rumors.  If any of my babbling rings
a bell for someone, could they please point me to more info?  I also want
to track down that Linux kernel patch, if I can.
	
-------------------------------------------------------------------------
Marius M. Rex
"Well," Brahma said, "even after ten thousand explanations, a fool is
no wiser, but an intelligent man requires only two thousand five
hundred."
                -- The Mahabharata



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010191203580.53286-100000>