Date: Fri, 20 Sep 1996 10:55:07 -0600
From: Warner Losh <imp@village.org>
To: Karl Denninger <karl@Mcs.Net>
Cc: security@freebsd.org
Subject: Re: comments on the SYN attack
Message-ID: <199609201655.KAA00661@rover.village.org>
In-Reply-To: Your message of "Fri, 20 Sep 1996 11:36:08 CDT." <199609201636.LAA14219@Jupiter.Mcs.Net>
References: <199609201636.LAA14219@Jupiter.Mcs.Net>
In message <199609201636.LAA14219@Jupiter.Mcs.Net> Karl Denninger writes:
: The effect of this is that the *probability* will favor the "bad guy"
: getting dropped, and the legitimate users will likely get serviced *before*
: they get all the way to the end of the queue -- assuming it is a reasonable
: length (say, 200-300 entries).

I agree with that. My assertion, that I still need to test, is that randomly dropping does an even better job. However, dropping the oldest is likely good enough for everyone that isn't sitting on a DS3 and isn't worried about an internal SYN attack over, say, a 100Mb ethernet.

I'm in the process of upgrading from about August 20ish -current to a Sept 20 -current (not that all parts of the 51 part ctm and the 45 part ctm have arrived). I'll have to try the syn bomber at 10Mb ethernet speeds against some patches that have floated across that discard the oldest one (which are for OpenBSD, but I'm checking both OSes :-). I'll then modify them to be random discard and see if that helps, hurts or is about the same.

That will likely take a little while to complete, since I'm multiplexing with other things as well and since my machine takes 8-10 hours to do a make world.

Warner
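The two discard policies debated in this thread, as an added simulation that is not code from the thread or from either BSD: a bounded half-open (SYN-RECEIVED) queue is fed spoofed SYNs that never complete plus one legitimate SYN per tick whose final ACK arrives a fixed number of ticks later, and we count how many legitimate handshakes survive long enough to complete under drop-oldest versus drop-random. Queue capacity, flood rate and handshake delay are assumed, constructed values.

```python
import random


def simulate(policy, ticks, capacity, attack_rate, legit_delay, seed=1):
    """Return how many legitimate handshakes complete.

    Queue entries are (arrival_tick, is_legit); index 0 is the oldest.
    Spoofed entries never complete.  A legitimate entry completes if it is
    still queued legit_delay ticks after arrival (that is when its ACK lands).
    policy is "oldest" (evict the oldest half-open entry when full) or
    "random" (evict a uniformly chosen entry when full).
    """
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    queue = []
    completed = 0
    for now in range(ticks):
        # 1. ACKs due this tick finish the handshake and free their slot
        done = sum(1 for t, legit in queue if legit and t + legit_delay == now)
        completed += done
        queue = [e for e in queue if not (e[1] and e[0] + legit_delay == now)]
        # 2. attack_rate spoofed SYNs, then one legitimate SYN, arrive
        for is_legit in [False] * attack_rate + [True]:
            if len(queue) >= capacity:
                victim = 0 if policy == "oldest" else rng.randrange(len(queue))
                queue.pop(victim)
            queue.append((now, is_legit))
    return completed


def compare(attack_rate, ticks=200, capacity=64, legit_delay=10):
    """Completed legitimate handshakes per policy at a given flood rate."""
    return {p: simulate(p, ticks, capacity, attack_rate, legit_delay)
            for p in ("oldest", "random")}


if __name__ == "__main__":
    # Light flood: the queue turns over slower than a handshake completes,
    # so drop-oldest serves every legitimate client; random drop loses some.
    print("light flood (2 spoofed SYN/tick):", compare(attack_rate=2))
    # Heavy flood: the queue turns over faster than a handshake completes,
    # so drop-oldest starves every legitimate client while random drop
    # still lets a fraction through.
    print("heavy flood (8 spoofed SYN/tick):", compare(attack_rate=8))
```

With capacity 64 and a 10-tick handshake, a legitimate entry under drop-oldest survives exactly when fewer than 63 newer SYNs arrive before its ACK, which is why the outcome flips abruptly between the two flood rates while random drop degrades gradually.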
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609201655.KAA00661>