Date: Tue, 25 Apr 2000 10:20:48 -0400 (EDT)
From: stanislav shalunov <shalunov@att.com>
To: louie@TransSys.COM
Cc: net@FreeBSD.ORG
Subject: Re: netkill - generic remote DoS attack (fwd)
Message-ID: <200004251420.KAA54917@tuzik.lz.att.com>
In-Reply-To: <200004250249.WAA54708@whizzo.transsys.com> (louie@TransSys.COM)
References: <Pine.NEB.3.96L.1000424121428.15998C-100000@fledge.watson.org> <200004250249.WAA54708@whizzo.transsys.com>
> From: "Louis A. Mamakos" <louie@TransSys.COM>
> Assuming you've got a good round trip time estimation, the timeout
> shouldn't need to take very long.

Generally, reducing timeouts (even when there's no attack) is bad. Also, reducing timeouts only linearly affects the amount of consumed memory and therefore doesn't solve the problem. Additionally, a connection in FIN_WAIT_1 state may need dozens of round-trip times to time out. Since I fake RTT in netkill (artificially delaying the second packet), there's not much space to lower the timeout.

It should also be pointed out that TCP keepalive options are irrelevant: the retransmit timer gets started immediately, because there's outstanding data. Keepalives would never kick in, and aren't necessary.

-- 
stanislav shalunov, WHPD, shalunov@att.com 732-576-3252
10:20AM up 190 days, 23:43, 6 users, load averages: 0.00, 0.00, 0.07
"I must have a prodigious quantity of mind; it takes me as much as a week sometimes to make it up." -- Mark Twain, "The Innocents Abroad"
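The reply's point is that the resource being exhausted is memory held by connections parked in FIN_WAIT_1 with data still outstanding, and that shortening timeouts only shrinks that linearly. A defender's first check is therefore to measure how many such sockets a server is holding and which remote hosts hold them. The following is an added example, not code from the thread or from netkill: it parses FreeBSD-style `netstat -an` output (the sample lines are constructed, not captured), counts FIN_WAIT_1 connections with a non-empty send queue per remote host, and flags hosts above a threshold. The column layout and the `host.port` separator are assumptions about the netstat format.

```python
"""Count TCP connections stuck in FIN_WAIT_1 per remote host from netstat output.

Added example (not from the original thread). It assumes FreeBSD-style
`netstat -an` lines, where the foreign address is written as host.port.
"""
from collections import Counter

# Constructed sample of `netstat -an` output (FreeBSD format, not a real capture):
# Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
NETSTAT_SAMPLE = """\
tcp4       0      0  10.0.0.1.22          198.51.100.7.51022   ESTABLISHED
tcp4       0   1460  10.0.0.1.80          192.0.2.5.40001      FIN_WAIT_1
tcp4       0   1460  10.0.0.1.80          192.0.2.5.40002      FIN_WAIT_1
tcp4       0   1460  10.0.0.1.80          192.0.2.5.40003      FIN_WAIT_1
tcp4       0   1460  10.0.0.1.80          192.0.2.5.40004      FIN_WAIT_1
tcp4       0      0  10.0.0.1.80          198.51.100.9.33000   FIN_WAIT_2
tcp4       0   2920  10.0.0.1.80          203.0.113.4.55555    FIN_WAIT_1
tcp4       0      0  *.80                 *.*                  LISTEN
"""


def parse_netstat(text):
    """Yield (send_q, remote_host, state) for each TCP connection line."""
    for line in text.splitlines():
        parts = line.split()
        # Skip the header and anything that is not a six-column TCP line.
        if len(parts) != 6 or not parts[0].startswith("tcp"):
            continue
        _proto, _recv_q, send_q, _local, foreign, state = parts
        if state == "LISTEN":
            continue
        # FreeBSD separates host and port with the last '.' (also fine for IPv6).
        host = foreign.rsplit(".", 1)[0]
        yield int(send_q), host, state


def fin_wait_1_by_host(text):
    """Return {remote_host: count} of FIN_WAIT_1 sockets that still have data queued.

    A non-zero Send-Q means the retransmit timer, not the keepalive timer, is
    what governs how long the socket lives, which is the case the reply describes.
    """
    counts = Counter()
    for send_q, host, state in parse_netstat(text):
        if state == "FIN_WAIT_1" and send_q > 0:
            counts[host] += 1
    return counts


def suspicious_hosts(text, threshold=3):
    """Remote hosts holding at least `threshold` FIN_WAIT_1 sockets with data outstanding."""
    return sorted(host for host, n in fin_wait_1_by_host(text).items() if n >= threshold)


if __name__ == "__main__":
    for host, n in fin_wait_1_by_host(NETSTAT_SAMPLE).most_common():
        print(f"{host:20} {n}")
    print("suspicious:", suspicious_hosts(NETSTAT_SAMPLE))
```

On a live system the same functions can be fed the output of `netstat -an` via `subprocess`; the threshold is a local policy choice, and a spread of FIN_WAIT_1 sockets across many source hosts rather than one is the case where per-host counting alone will not show the problem, so the total is worth graphing as well.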