Date: Mon, 26 Jul 2021 21:00:10 +0100 From: Norman Gray <gray@nxg.name> To: "Steve O'Hara-Smith" <steve@sohara.org>, Arthur Chance <freebsd@qeng-ho.org> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Detecting or mitigating syn-flood attacks Message-ID: <EC512AF0-55A4-42E7-90E6-D0AB01455F43@nxg.name> In-Reply-To: <20210726144238.2245630e959724dc1df1794e@sohara.org> References: <57893A91-2180-441F-836F-66EAC526FBB8@nxg.name> <20210726144238.2245630e959724dc1df1794e@sohara.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Arthur and Steve, hello. On 26 Jul 2021, at 14:42, Steve O'Hara-Smith wrote: > There's a paper on using syncache for the purpose: Many thanks, both. I'll read through that paper carefully, and see if, following Arthur's suggestion, there's a way of including net.inet.tcp.syncache.count in our monitoring (in particular to try to work out what value of 'count' counts as 'a lot'). I'll try to remember to report back here. Best wishes, Norman -- Norman Gray : https://nxg.me.uk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EC512AF0-55A4-42E7-90E6-D0AB01455F43>