Date: Tue, 25 Apr 2000 10:20:48 -0400 (EDT)
Message-Id: <200004251420.KAA54917@tuzik.lz.att.com>
From: stanislav shalunov
To: louie@TransSys.COM
Cc: net@FreeBSD.ORG
In-reply-to: <200004250249.WAA54708@whizzo.transsys.com> (louie@TransSys.COM)
Subject: Re: netkill - generic remote DoS attack (fwd)
References: <200004250249.WAA54708@whizzo.transsys.com>

> From: "Louis A. Mamakos"

> Assuming you've got a good round trip time estimation, the timeout
> shouldn't need to take very long.

Generally reducing timeouts (even when there's no attack) is bad. Also, reducing timeouts only linearly affects the amount of consumed memory and doesn't therefore solve the problem.

Additionally, a connection in FIN_WAIT_1 state may need dozens of round-trip times to time out. Since I fake RTT in netkill (artificially delaying the second packet) there's not much space to lower the timeout.

It should also be pointed out that TCP keepalive options are irrelevant: the retransmit timer gets started immediately, because there's outstanding data. Keepalives would never kick in, and aren't necessary.

--
stanislav shalunov, WHPD, shalunov@att.com 732-576-3252
10:20AM up 190 days, 23:43, 6 users, load averages: 0.00, 0.00, 0.07
"I must have a prodigious quantity of mind; it takes me as much as a week sometimes to make it up."
-- Mark Twain, "The Innocents Abroad"
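Added example, not part of the original message or of any FreeBSD code: a small capacity model of the two points above, that a connection with outstanding data is held for many backed-off retransmit intervals and that the memory tied up scales linearly with that hold time. The retransmit count, the timeout floor and ceiling, and the per-connection byte figure are assumptions modelled on classic BSD-style defaults, not values taken from the thread.

```python
# Capacity model for connections stuck retransmitting unacknowledged data.
# All constants below are ASSUMPTIONS (classic BSD-style defaults), not
# values from the e-mail; adjust them to the stack being sized.

MAX_RETRANSMITS = 12   # assumed retransmissions before the stack gives up
RTO_MIN = 1.0          # assumed floor on the retransmit timeout (seconds)
RTO_MAX = 64.0         # assumed ceiling on one backed-off interval (seconds)


def retransmit_schedule(rto, max_retransmits=MAX_RETRANSMITS,
                        rto_min=RTO_MIN, rto_max=RTO_MAX):
    """Timer intervals from first send until the connection is dropped.

    The interval doubles after every expiry and is clamped to rto_max.
    There is one interval before each retransmission plus a final one
    after the last retransmission, hence max_retransmits + 1 entries.
    """
    base = max(rto, rto_min)
    return [min(base * 2 ** i, rto_max) for i in range(max_retransmits + 1)]


def hold_time(rto, **kw):
    """Seconds a never-acknowledged connection keeps its state allocated."""
    return sum(retransmit_schedule(rto, **kw))


def held_bytes(arrivals_per_sec, rto, bytes_per_conn, **kw):
    """Steady-state memory held, by Little's law: rate * hold time * size."""
    return arrivals_per_sec * hold_time(rto, **kw) * bytes_per_conn


if __name__ == "__main__":
    per_conn = 16 * 1024  # constructed figure: state plus queued data per connection
    for rto in (0.2, 1.0, 8.0):
        t = hold_time(rto)
        print(f"rto={rto:>4}s  hold={t:6.0f}s  "
              f"held at 10 conn/s = {held_bytes(10, rto, per_conn) / 2**20:7.1f} MiB")
    # Lowering the ceiling shortens the hold time, but memory still grows
    # in direct proportion to the arrival rate.
    short = dict(rto_max=16.0)
    print(hold_time(1.0, **short), held_bytes(10, 1.0, per_conn, **short))
```

Because of the timeout floor, a measured RTO below one second does not shorten the hold time at all in this model, which matches the point that there is little room to lower the timeout.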