From owner-freebsd-net Sat Apr 22 11:24:36 2000
Delivered-To: freebsd-net@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 6058637B759 for ; Sat, 22 Apr 2000 11:24:33 -0700 (PDT) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA01768; Sat, 22 Apr 2000 14:24:24 -0400 (EDT) (envelope-from robert@cyrus.watson.org)
Date: Sat, 22 Apr 2000 14:24:23 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Assar Westerlund
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: netkill - generic remote DoS attack (fwd)
In-Reply-To: <5lu2guhy05.fsf@assaris.sics.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 22 Apr 2000, Assar Westerlund wrote:

> Robert Watson writes:
> > 2) Enable keep-alives on all connections by default (we should probably do
> > this anyway for other reasons)
>
> I thought phk had already done this?
>
> net.inet.tcp.always_keepalive: 1
>
> See defaults/rc.conf:1.10

Any idea what the default idle time before keepalives kick in is? Presumably we could adaptively change that time as the legitimacy of the connection is determined -- i.e., really short keepalive time early in the connection, longer later once the connection has had the opportunity to in some way demonstrate increased legitimacy.

Of course, attacks can always become more sophisticated, but I think it's worth handling the network-layer protocol limitations either way, as it improves scalability, et al. We do have to be careful not to over-increase the brittleness of the TCP implementation as a side effect, however.
Robert N M Watson             robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
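The per-connection version of the idea floated in the message above (short keepalive idle time while a connection is new, relaxed as it ages), as an added example in C; this is not code from the original thread or from FreeBSD. It assumes the TCP_KEEPIDLE / TCP_KEEPINTVL / TCP_KEEPCNT socket options, which exist on FreeBSD 9 and later and on Linux but not on the 2000-era system under discussion, and the schedule values are constructed for illustration.

```c
/* Added example, not FreeBSD code: per-socket keepalive tuning along the
 * adaptive line sketched in the mail, i.e. a short idle time for a new
 * connection, relaxed as the connection ages. Assumes the TCP_KEEPIDLE /
 * TCP_KEEPINTVL / TCP_KEEPCNT options (FreeBSD 9+, Linux); the schedule
 * values are constructed for illustration. */
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>

#if !defined(TCP_KEEPIDLE) && defined(TCP_KEEPALIVE)
#define TCP_KEEPIDLE TCP_KEEPALIVE   /* macOS name for the idle timer */
#endif

/* Idle seconds before the first probe, chosen from the connection's age:
 * 30 s during its first minute, 5 min until it is an hour old, then the
 * traditional 2 h default (constructed schedule). */
int keepalive_idle_for_age(long age_secs)
{
    if (age_secs < 60)   return 30;
    if (age_secs < 3600) return 300;
    return 7200;
}

/* Turn keepalives on for one TCP socket and set its probe schedule.
 * Returns 0 on success, -1 with errno set if any setsockopt() fails. */
int set_keepalive(int fd, int idle_secs, int intvl_secs, int probes)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0) return -1;
#ifdef TCP_KEEPIDLE
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_secs, sizeof idle_secs) < 0) return -1;
#endif
#ifdef TCP_KEEPINTVL
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_secs, sizeof intvl_secs) < 0) return -1;
#endif
#ifdef TCP_KEEPCNT
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof probes) < 0) return -1;
#endif
    return 0;
}

/* Re-apply the age-based schedule; a server would call this periodically
 * for each open connection (10 s between probes, 3 probes before drop). */
int retune_keepalive(int fd, long age_secs)
{
    return set_keepalive(fd, keepalive_idle_for_age(age_secs), 10, 3);
}
```

The socket options are per-connection, so this complements rather than replaces the system-wide net.inet.tcp.always_keepalive setting quoted in the thread.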