Date: Wed, 19 Dec 2001 08:50:21 -0500 (EST) From: Mike Silbersack <silby@silby.com> To: Robert Watson <rwatson@FreeBSD.org> Cc: Jonathan Lemon <jlemon@FreeBSD.org>, <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org> Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c Message-ID: <Pine.BSF.4.30.0112190849450.16801-100000@niwun.pair.com> In-Reply-To: <Pine.NEB.3.96L.1011219084343.55373B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
You're just happy that you have something to put in the monthly status report. :) Mike "Silby" Silbersack On Wed, 19 Dec 2001, Robert Watson wrote: > Further cheers expand onto the scene. :-) > > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > > On Tue, 18 Dec 2001, Jonathan Lemon wrote: > > > jlemon 2001/12/18 22:12:14 PST > > > > Modified files: > > sys/netinet tcp_syncache.c > > Log: > > Extend the SYN DoS defense by adding syncookies to the syncache. > > All TCP ISNs that are sent out are valid cookies, which allows entries > > in the syncache to be dropped and still have the ACK accepted later. > > As all entries pass through the syncache, there is no sudden switchover > > from cache -> cookies when the cache is full; instead, syncache entries > > simply have a reduced lifetime. More details may be found in the > > "Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002 > > conference proceedings. > > > > Sponsored by: DARPA, NAI Labs > > > > Revision Changes Path > > 1.6 +193 -14 src/sys/netinet/tcp_syncache.c > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.30.0112190849450.16801-100000>