From owner-freebsd-security  Tue Aug  3  6: 7:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f22.hotmail.com [207.82.251.202])
	by hub.freebsd.org (Postfix) with SMTP id 03B1114DDE
	for <freebsd-security@FreeBSD.ORG>; Tue,  3 Aug 1999 06:07:41 -0700 (PDT)
	(envelope-from madrapour@hotmail.com)
Received: (qmail 13892 invoked by uid 0); 3 Aug 1999 13:07:01 -0000
Message-ID: <19990803130701.13891.qmail@hotmail.com>
Received: from 195.96.144.201 by www.hotmail.com with HTTP;
	Tue, 03 Aug 1999 06:07:01 PDT
X-Originating-IP: [195.96.144.201]
From: "N. N.M" <madrapour@hotmail.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Increasing SYN-ACK queue
Date: Tue, 03 Aug 1999 06:07:01 PDT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>According to Slawek Zak:
>>I think that the original poster aked about the default value for all 
>>connections. Is there any way to do this ?
>
>Increase the following variable:
>
>kern.ipc.somaxconn: 128
>--
>Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=-

Thanks all for your replies.
Slawek is right, I wanted to know how I can increase the size of "SYN-ACK 
queue" and also decrease the "time-out waiting", both for all TCP 
connections. This will reduce the probabilty of being a victem of SYN 
Attack.
Anyway, "kern.ipc.somaxconn" variable seems to be related to "SYN-ACK 
queue". Does anybody know about the variable related to "time-out waiting" 
which this is the amount of time that a connection is allowed to stay in a 
half-open state.
Beside, what considerations must be concerned when changing the amount of 
these variables? Is there any fixed and tested amount for them?


thanks,
Nazila


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message