Date:      Tue, 25 Apr 2000 10:20:48 -0400 (EDT)
From:      stanislav shalunov <shalunov@att.com>
To:        louie@TransSys.COM
Cc:        net@FreeBSD.ORG
Subject:   Re: netkill - generic remote DoS attack (fwd)
Message-ID:  <200004251420.KAA54917@tuzik.lz.att.com>
In-Reply-To: <200004250249.WAA54708@whizzo.transsys.com> (louie@TransSys.COM)
References:  <Pine.NEB.3.96L.1000424121428.15998C-100000@fledge.watson.org> <200004250249.WAA54708@whizzo.transsys.com>

> From: "Louis A. Mamakos" <louie@TransSys.COM>

> Assuming you've got a good round trip time estimation, the timeout
> shouldn't need to take very long.

Generally reducing timeouts (even when there's no attack) is bad.
Also, reducing timeouts only linearly affects the amount of consumed
memory and doesn't therefore solve the problem.

Additionally, connection in FIN_WAIT_1 state may need dozens of
round-trip times to time out.  Since I fake RTT in netkill
(artificially delaying second packet) there's not much space to lower
the timeout.

It should also be pointed out that TCP keepalive options are
irrelevant: the retransmit timer gets started immediately, because
there's outstanding data.  Keepalives would never kick in, and aren't
necessary.

-- 
stanislav shalunov,	WHPD,	shalunov@att.com	732-576-3252
10:20AM  up 190 days, 23:43, 6 users, load averages: 0.00, 0.00, 0.07

"I must have a prodigious quantity of mind; it takes me as much as a
week sometimes to make it up."	-- Mark Twain, "The Innocents Abroad"
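The timing argument above (a connection with unacknowledged data is owned by the retransmit timer, an inflated first RTT sample pushes the RTO up, and any shorter timeout only scales the pinned memory linearly) can be worked through numerically. The model below is an added example and is not code from the thread, from netkill, or from the FreeBSD stack: the RTO arithmetic is RFC 6298, while the retransmit budget, RTO bounds, clock granularity, per-connection byte cost and the 50 ms path are assumed parameters chosen for illustration.

```python
"""Added example (not from the thread): model how long a TCP sender sits in
FIN_WAIT_1 retransmitting unacknowledged data, and how much memory an
attacker can pin at a given connection rate.  RTO arithmetic follows
RFC 6298.  The retransmit budget, RTO bounds and per-connection byte cost
are assumed parameters, not measurements of any particular stack."""

MIN_RTO = 1.0       # seconds; RFC 6298 minimum (assumed for this model)
MAX_RTO = 64.0      # seconds; assumed ceiling for the backed-off timer
GRANULARITY = 0.01  # seconds; timer clock granularity G (assumed)


def rto_from_samples(samples, min_rto=MIN_RTO, max_rto=MAX_RTO):
    """Retransmission timeout from a list of RTT samples (seconds) as
    RFC 6298 prescribes: the first sample seeds SRTT and RTTVAR, later
    samples are smoothed with alpha=1/8 and beta=1/4, RTO = SRTT + 4*RTTVAR."""
    srtt = rttvar = None
    for r in samples:
        if srtt is None:
            srtt, rttvar = r, r / 2.0
        else:
            rttvar = 0.75 * rttvar + 0.25 * abs(srtt - r)
            srtt = 0.875 * srtt + 0.125 * r
    rto = srtt + max(GRANULARITY, 4.0 * rttvar)
    return max(min_rto, min(max_rto, rto))


def hold_time(rto, max_retransmits, max_rto=MAX_RTO):
    """Seconds the connection stays pinned: the sender retransmits the
    outstanding segment max_retransmits times with exponential backoff (each
    wait doubles, capped at max_rto) before giving up and dropping the PCB.
    The keepalive timer never runs here; with data outstanding the
    retransmit timer owns the connection."""
    total, wait = 0.0, rto
    for _ in range(max_retransmits):
        total += wait
        wait = min(wait * 2.0, max_rto)
    return total


def pinned_bytes(conn_per_sec, hold_seconds, bytes_per_conn):
    """Steady-state memory held by stuck connections: the attacker opens
    conn_per_sec connections and each lives hold_seconds, so about
    conn_per_sec * hold_seconds are alive at once (Little's law)."""
    return conn_per_sec * hold_seconds * bytes_per_conn


def attacker_rate_to_pin(target_bytes, hold_seconds, bytes_per_conn):
    """Connections per second needed to hold target_bytes.  Cutting
    hold_seconds by a factor k raises this by the same factor k, which is
    the 'only linear' objection in the message above."""
    return target_bytes / (hold_seconds * bytes_per_conn)


if __name__ == "__main__":
    RETRANSMITS = 12   # assumed retransmit budget before the PCB is dropped
    PCB_BYTES = 2048   # assumed per-connection kernel cost (PCB + mbufs)
    true_rtt = 0.05    # assumed 50 ms path

    honest = rto_from_samples([true_rtt])
    # Delaying the handshake-completing ACK inflates the server's first RTT
    # sample, so its RTO starts out large before any backoff happens.
    faked = rto_from_samples([true_rtt + 2.0])
    for label, rto in (("honest", honest), ("delayed ACK", faked)):
        hold = hold_time(rto, RETRANSMITS)
        rate = attacker_rate_to_pin(64 << 20, hold, PCB_BYTES)
        print(f"{label:12s} RTO={rto:6.2f}s hold={hold:7.1f}s "
              f"= {hold / true_rtt:7.0f} true RTTs; "
              f"rate to pin 64 MiB: {rate:.1f} conn/s")
    # Halving the retransmit budget at best halves the hold time; the
    # attacker doubles the connection rate and is back where it started.
    for budget in (RETRANSMITS, RETRANSMITS // 2):
        hold = hold_time(honest, budget)
        mib = pinned_bytes(100, hold, PCB_BYTES) / 2 ** 20
        print(f"budget={budget:2d} hold={hold:6.1f}s "
              f"pinned at 100 conn/s = {mib:.1f} MiB")
```

Run it as a script to see both columns: the honest 50 ms connection is already held for hundreds of seconds under an assumed 12-retransmit budget, the delayed-ACK case starts with a six-second RTO and is held longer still, and halving the budget merely halves the pinned memory per connection rate.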

