From owner-cvs-all Wed Dec 19 5:44:15 2001
Date: Wed, 19 Dec 2001 08:44:02 -0500 (EST)
From: Robert Watson
To: Jonathan Lemon
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c
In-Reply-To: <200112190612.fBJ6CE264053@freefall.freebsd.org>

Further cheers expand onto the scene. :-)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Tue, 18 Dec 2001, Jonathan Lemon wrote:

> jlemon      2001/12/18 22:12:14 PST
>
>   Modified files:
>     sys/netinet          tcp_syncache.c
>   Log:
>   Extend the SYN DoS defense by adding syncookies to the syncache.
>   All TCP ISNs that are sent out are valid cookies, which allows entries
>   in the syncache to be dropped and still have the ACK accepted later.
>   As all entries pass through the syncache, there is no sudden switchover
>   from cache -> cookies when the cache is full; instead, syncache entries
>   simply have a reduced lifetime.  More details may be found in the
>   "Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002
>   conference proceedings.
>
>   Sponsored by: DARPA, NAI Labs
>
>   Revision  Changes    Path
>   1.6       +193 -14   src/sys/netinet/tcp_syncache.c
>
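
The behaviour the commit log describes (every ISN sent is a valid cookie, so a dropped syncache entry can still have its ACK accepted) sketched as an added Python example; it is not FreeBSD's code and not part of the original message. The cookie layout, MSS table, time-slot window, key and addresses are assumptions constructed for illustration.

```python
import hmac, hashlib, socket, struct
from collections import OrderedDict

SECRET = b"constructed-demo-secret"   # constructed; a real stack uses random, rotated keys
MSS_TABLE = [536, 1220, 1440, 1460]   # assumed table, selected by a 2-bit index
MAX_AGE = 2                           # assumed: cookie accepted for this many time slots

def _cookie(tup, client_isn, slot, idx):
    """Assumed layout: 24-bit truncated HMAC | 6-bit time slot | 2-bit MSS index."""
    src, sport, dst, dport = tup
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIIB", sport, dport, client_isn, slot, idx)
    mac = int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")
    return (mac << 8) | ((slot & 0x3f) << 2) | idx

def make_isn(tup, client_isn, slot, mss):
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return _cookie(tup, client_isn, slot, idx)

def check_cookie(tup, client_isn, isn, now_slot):
    """Return the MSS encoded in a valid, fresh cookie, else None (no stored state used)."""
    idx = isn & 3
    for slot in range(now_slot, max(now_slot - MAX_AGE, 0) - 1, -1):
        expected = _cookie(tup, client_isn, slot, idx).to_bytes(4, "big")
        if hmac.compare_digest(expected, isn.to_bytes(4, "big")):
            return MSS_TABLE[idx]
    return None

class SynCache:
    def __init__(self, limit):
        self.limit, self.entries = limit, OrderedDict()

    def on_syn(self, tup, client_isn, mss, slot):
        isn = make_isn(tup, client_isn, slot, mss)     # the ISN sent is always a cookie
        self.entries[tup] = (client_isn, isn, mss)
        if len(self.entries) > self.limit:
            self.entries.popitem(last=False)           # drop oldest; its cookie stays valid
        return isn

    def on_ack(self, tup, seq, ack, now_slot):
        """seq = client ISN + 1, ack = server ISN + 1. Returns (path, mss) or None."""
        client_isn, isn = (seq - 1) & 0xffffffff, (ack - 1) & 0xffffffff
        entry = self.entries.get(tup)
        if entry and entry[:2] == (client_isn, isn):
            del self.entries[tup]
            return ("cache", entry[2])
        mss = check_cookie(tup, client_isn, isn, now_slot)
        return ("cookie", mss) if mss is not None else None
```

On the cookie path only what fits in the ISN survives, so the MSS comes back rounded down to a table value, while the cache path returns the client's exact MSS.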