From owner-freebsd-security Fri May 14 13:57:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (Postfix) with ESMTP id 617C914EAD for ; Fri, 14 May 1999 13:57:37 -0700 (PDT) (envelope-from logix@foobar.franken.de)
Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id WAA22522; Fri, 14 May 1999 22:57:27 +0200 (CEST)
Message-ID: <19990514225726.B22317@foobar.franken.de>
Date: Fri, 14 May 1999 22:57:26 +0200
From: Harold Gutch
To: Thamer Al-Herbish, security@FreeBSD.ORG
Subject: Re: Forwarded from BUGTRAQ: SYN floods against FreeBSD
References: <4.2.0.37.19990514133829.0461e220@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Thamer Al-Herbish on Fri, May 14, 1999 at 01:17:26PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, May 14, 1999 at 01:17:26PM -0700, Thamer Al-Herbish wrote:
> On Fri, 14 May 1999, Brett Glass wrote:
>
> > One question about "the Linux way of doing it" as described
> > below. What happens if the secret just happens to be modified
> > right after the SYN-ACK? Could be you'd drop a connection or
> > two that was legitimate. Seems like you'd need to test against
> > an old AND a new secret to avoid the race condition, especially
> > in the presence of congestion.
>
> There were a few "trade offs" with the implementation. I have a copy
> of the syn-cookies mailing list archive. Forgot where I originally
> got it from:
>
> http://www.whitefang.com/syn-cookies.txt
>
I had a look at the archives a few weeks back, just having a quick look
at most of the mails. I guess I must have missed those trade-offs when
reading it not too precisely - I'll check them again.

> Oh and here's the obligatory question: has anyone already attempted
> to write a cookie mechanism for fbsd?
>
I considered doing so, but seeing that FreeBSD already takes an
(arguable) approach against SYN floods stopped me from even thinking of
something like that pretty quickly. FreeBSD basically drops sockets in
SYN_RCVD state if too many of them are open and another SYN packet
arrives, making room for this new socket.

bye,
  Harold

--
Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar 4 04:53:33 CET 1998 #unix, ircnet

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
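The two mechanisms discussed in the thread, as an added illustration that is not code from the thread, from FreeBSD or from Linux: a SYN-cookie server that rotates its secret and validates the final ACK against the current secret and, as Brett suggests, the previous one too, so a handshake that straddles a rotation is not dropped; and, for contrast, the stateful queue Harold describes, which evicts an existing SYN_RCVD entry when a new SYN arrives at a full queue. The cookie layout (top 5 bits of the server ISN carry the rotation slot, the low 27 bits a keyed hash over the 4-tuple, client ISN and slot), the class and function names, and all addresses, ports, ISNs and secrets are assumptions constructed for the example.

```python
"""Added example: SYN cookies with secret rotation (old and new secret both
checked) versus a SYN_RCVD queue that evicts on overflow.  Not code from the
mailing list, FreeBSD or Linux; cookie layout and all sample flows are
assumptions constructed for illustration."""
import hashlib
import hmac
import os
import socket
import struct
from collections import OrderedDict

SLOT_BITS = 5                      # assumed: rotation slot lives in the ISN's top bits
HASH_BITS = 32 - SLOT_BITS
HASH_MASK = (1 << HASH_BITS) - 1
SEQ_MASK = 0xFFFFFFFF


def _tag(secret, saddr, daddr, sport, dport, client_isn, slot):
    """Keyed hash over everything the server can reconstruct from the final ACK."""
    msg = struct.pack("!4s4sHHII", socket.inet_aton(saddr), socket.inet_aton(daddr),
                      sport, dport, client_isn, slot)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


class SynCookieServer:
    """Stateless SYN handling: nothing is stored per SYN; the SYN-ACK's ISN is the cookie."""

    def __init__(self, secret):
        self.slot = 0
        self.current = secret
        self.previous = None       # kept so ACKs in flight across a rotation still verify

    def rotate(self, new_secret):
        self.previous, self.current = self.current, new_secret
        self.slot = (self.slot + 1) % (1 << SLOT_BITS)

    def syn_ack_isn(self, saddr, daddr, sport, dport, client_isn):
        """Cookie to send as the server ISN in the SYN-ACK (minted under the current secret)."""
        tag = _tag(self.current, saddr, daddr, sport, dport, client_isn, self.slot)
        return (self.slot << HASH_BITS) | tag

    def validate_ack(self, saddr, daddr, sport, dport, seq, ack, accept_previous=True):
        """Recover client ISN (seq-1) and cookie (ack-1) from the ACK and recompute the tag.
        With accept_previous=False a cookie minted just before a rotation is rejected."""
        client_isn = (seq - 1) & SEQ_MASK
        cookie = (ack - 1) & SEQ_MASK
        slot, tag = cookie >> HASH_BITS, cookie & HASH_MASK
        candidates = [(self.slot, self.current)]
        if accept_previous and self.previous is not None:
            candidates.append(((self.slot - 1) % (1 << SLOT_BITS), self.previous))
        for s, secret in candidates:
            if s != slot:
                continue           # slot bits tell us which secret this cookie used
            expect = _tag(secret, saddr, daddr, sport, dport, client_isn, s)
            if hmac.compare_digest(expect.to_bytes(4, "big"), tag.to_bytes(4, "big")):
                return True
        return False


def demo_rotation_race():
    """Brett's race: the secret rotates between our SYN-ACK and the client's ACK."""
    srv = SynCookieServer(os.urandom(16))
    flow = ("10.0.0.7", "192.0.2.10", 40001, 80)      # constructed flow
    client_isn = 0x1234ABCD
    cookie = srv.syn_ack_isn(*flow, client_isn)       # SYN-ACK goes out
    srv.rotate(os.urandom(16))                        # rotation happens before the ACK lands
    seq, ack = (client_isn + 1) & SEQ_MASK, (cookie + 1) & SEQ_MASK
    strict = srv.validate_ack(*flow, seq, ack, accept_previous=False)   # legit handshake lost
    lenient = srv.validate_ack(*flow, seq, ack, accept_previous=True)   # old secret rescues it
    forged = srv.validate_ack(*flow, seq, (ack ^ 0x1) & SEQ_MASK)       # tampered ack number
    srv.rotate(os.urandom(16))                        # two rotations later the cookie is stale
    stale = srv.validate_ack(*flow, seq, ack)
    return strict, lenient, forged, stale


class SynQueue:
    """The stateful alternative Harold describes: real SYN_RCVD entries, and when the
    queue is full and another SYN arrives, an existing entry (here the oldest) is dropped."""

    def __init__(self, limit):
        self.limit = limit
        self.half_open = OrderedDict()   # 4-tuple -> client ISN, in arrival order

    def on_syn(self, flow, client_isn):
        if len(self.half_open) >= self.limit:
            self.half_open.popitem(last=False)       # evict the oldest half-open socket
        self.half_open[flow] = client_isn
        return len(self.half_open)

    def on_ack(self, flow):
        return self.half_open.pop(flow, None) is not None


def demo_queue_eviction():
    """A flood faster than one client RTT pushes the legitimate entry out before its ACK."""
    q = SynQueue(limit=2)
    legit = ("10.0.0.7", "192.0.2.10", 40001, 80)
    q.on_syn(legit, 1)
    for i in range(2):                                # two attacker SYNs fill the queue
        q.on_syn(("198.51.100.%d" % i, "192.0.2.10", 1000 + i, 80), i)
    return q.on_ack(legit)                            # False: the legitimate handshake is gone
```

The cookie server never drops a legitimate handshake for lack of queue space, and keeping one previous secret closes the rotation race at the cost of accepting cookies for one extra rotation period; the eviction queue needs no cryptography but loses real connections as soon as the SYN rate exceeds what the queue can hold for one round trip.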