From owner-freebsd-security Thu May 13 18:28:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gw.whitefang.com (calnet11-70.gtecablemodem.com [207.175.234.70]) by hub.freebsd.org (Postfix) with SMTP id AE91D1522E for ; Thu, 13 May 1999 18:28:06 -0700 (PDT) (envelope-from shadows@whitefang.com)
Received: (qmail 4467 invoked from network); 14 May 1999 01:28:05 -0000
Received: from rage.whitefang.com (shadows@192.168.1.3) by gw.whitefang.com with SMTP; 14 May 1999 01:28:05 -0000
Date: Thu, 13 May 1999 18:27:13 -0700 (PDT)
From: Thamer Al-Herbish
To: security@FreeBSD.ORG
Subject: Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
In-Reply-To: <4.2.0.37.19990513161529.00c1e3f0@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 13 May 1999, Brett Glass wrote:

> available (default to 100). This is the maximum number of SYNs per second
> that will be processed, the rest will be silently discarded. On my test

If I'm reading this correctly, it would not be very effective. I believe
the OpenBSD fix was to randomly drop ports per a SYN-flooded port. So it
would be "fair." Dropping all SYNs after a number of SYNs come in seems
to be counter-productive. Or does this actually work?

--
Thamer Al-Herbish
PGP public key: shadows@whitefang.com
http://www.whitefang.com/pgpkey.txt
[ The Secure UNIX Programming FAQ http://www.whitefang.com/sup/ ]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
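Added illustration of the two defences this message contrasts: a global "N SYNs per second, discard the rest" budget versus evicting a random half-open entry when the SYN table is full. This is a toy simulation written for this page, not code from the thread, from FreeBSD or from OpenBSD; the table size, RTT, half-open timeout, traffic rates and Poisson arrival model are all constructed assumptions. It measures what fraction of legitimate clients complete the handshake under each policy while a spoofed-source flood is running.

```python
"""Toy comparison of two SYN-flood defences (constructed example, not kernel code).

"rate_limit":  accept at most rate_per_sec SYNs per second (token bucket) and
               silently discard the rest; a full half-open table drops new SYNs.
"random_drop": no global budget; when the half-open table is full, evict a
               uniformly random half-open entry to make room for the new SYN.

Every constant below is an assumption for illustration, not a FreeBSD or
OpenBSD value. Time advances in 1 ms ticks.
"""
import random

RTT_MS = 50                  # legitimate client's handshake ACK arrives this long after its SYN
HALF_OPEN_TIMEOUT_MS = 3000  # half-open entries expire after this
TABLE_SIZE = 128             # capacity of the half-open (SYN backlog) table


class SynTable:
    def __init__(self, policy, rate_per_sec, rng, size=TABLE_SIZE):
        self.policy = policy
        self.rate = float(rate_per_sec)
        self.rng = rng
        self.size = size
        self.entries = {}        # connection id -> (is_legit, syn_arrival_ms)
        self.tokens = 0.0        # token bucket used only by the rate_limit policy
        self.next_id = 0
        self.legit_syns = 0
        self.legit_completed = 0

    def tick(self, now):
        """Advance one millisecond: refill the budget, expire and complete entries."""
        self.tokens = min(self.rate, self.tokens + self.rate / 1000.0)
        for cid, (legit, t) in list(self.entries.items()):
            if now - t >= HALF_OPEN_TIMEOUT_MS:
                del self.entries[cid]            # spoofed peer never answers: times out
            elif legit and now - t >= RTT_MS:
                del self.entries[cid]            # third packet arrives: connection established
                self.legit_completed += 1

    def syn(self, now, legit):
        """Handle one SYN; return True if it gets a half-open slot."""
        if legit:
            self.legit_syns += 1
        if self.policy == "rate_limit":
            if self.tokens < 1.0:
                return False                     # over the per-second budget: silently discarded
            self.tokens -= 1.0
            if len(self.entries) >= self.size:
                return False                     # table full: the new SYN is dropped
        elif self.policy == "random_drop":
            if len(self.entries) >= self.size:
                victim = self.rng.choice(list(self.entries))
                del self.entries[victim]         # make room at a random existing entry's expense
        else:
            raise ValueError("unknown policy: %r" % self.policy)
        self.entries[self.next_id] = (legit, now)
        self.next_id += 1
        return True


def simulate(policy, legit_per_sec, attack_per_sec, duration_s=10,
             rate_per_sec=100, seed=1):
    """Return the fraction of legitimate SYNs that complete the handshake.

    Both sources are constructed Poisson arrival streams; attacker SYNs come
    from spoofed addresses and never complete.
    """
    rng = random.Random(seed)
    table = SynTable(policy, rate_per_sec, rng)

    def next_after(t, rate):
        return t + rng.expovariate(rate) * 1000.0 if rate > 0 else float("inf")

    next_legit = next_after(0.0, legit_per_sec)
    next_attack = next_after(0.0, attack_per_sec)
    for now in range(duration_s * 1000):
        table.tick(now)
        while min(next_legit, next_attack) < now + 1:   # all arrivals in this tick, in order
            if next_legit < next_attack:
                table.syn(now, True)
                next_legit = next_after(next_legit, legit_per_sec)
            else:
                table.syn(now, False)
                next_attack = next_after(next_attack, attack_per_sec)
    return table.legit_completed / max(1, table.legit_syns)


if __name__ == "__main__":
    for legit, attack in ((20, 0), (20, 1000)):
        for policy in ("rate_limit", "random_drop"):
            done = simulate(policy, legit, attack)
            print("%-11s legit=%3d/s attack=%4d/s -> %.0f%% of legit handshakes complete"
                  % (policy, legit, attack, 100 * done))
```

Under these assumptions the budget policy lets through only its 100 SYN/s share of a 1020 SYN/s mix, and the accepted spoofed SYNs then sit in the table until they time out, so most legitimate SYNs are discarded; with random eviction a legitimate entry only has to survive the roughly 50 arrivals that land during one RTT, which it does about two thirds of the time. The numbers change with the table size, timeout and rates, and nothing here models the actual OpenBSD or FreeBSD implementation beyond what the message states.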