From owner-freebsd-security Wed Jan 19 9:29:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 5232C15304 for ; Wed, 19 Jan 2000 09:29:33 -0800 (PST) (envelope-from brett@lariat.org)
Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id KAA21893; Wed, 19 Jan 2000 10:28:59 -0700 (MST)
Message-Id: <4.2.2.20000119102658.01a6c250@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Wed, 19 Jan 2000 10:28:57 -0700
To: Matthew Dillon
From: Brett Glass
Subject: Re: TCP/IP
Cc: Wes Peters, patl@phoenix.volant.org, David Wolfskill, matt@ARPA.MAIL.NET, freebsd-security@FreeBSD.ORG
In-Reply-To: <200001190656.WAA33816@apollo.backplane.com>
References: <388557FB.443E66B0@softweyr.com> <4.2.2.20000118234610.01dd9b60@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:56 PM 1/18/2000, Matthew Dillon wrote:

>:True. But one can minimize the damage. The best way to do this seems to be
>:via a pseudorandom sequence number on the SYN-ACK, which eliminates the need
>:for the server to retain any state after the SYN.
>:
>:--Brett
>
> Assuming you have bandwidth left to play with.

SYNs and SYN-ACKs are short. Usually, the problem when you're SYN-flooded is resource starvation. FreeBSD apparently drops connections that are partially set up at random when it is SYN flooded. This protects the system from total devastation, but it can make your system or site appear to be unreliable! If you're an e-commerce site, for example, you can lose customers.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
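The "pseudorandom sequence number on the SYN-ACK" that Brett refers to is the SYN-cookie technique: the server folds a time counter, an MSS bucket and a keyed MAC over the connection 4-tuple into its initial sequence number, keeps no half-open entry, and recovers everything it needs from the client's final ACK. The following Python is an added, simplified illustration of that scheme written for this archive page; it is not code from the thread, from FreeBSD, or from any real TCP stack. The bit layout (5-bit counter, 3-bit MSS index, 24-bit MAC), the MSS table, the 64-second counter period and the constructed secret and addresses are all assumptions chosen for the example.

```python
import hashlib
import hmac
import struct

# Constructed secret for this example only; a real stack draws this from a
# CSPRNG at boot and rotates it periodically.
SECRET = b"constructed-example-secret"

# Eight MSS buckets encodable in the cookie's 3-bit field (illustrative values).
MSS_TABLE = [536, 1024, 1220, 1440, 1460, 4312, 8960, 65535]

COUNTER_PERIOD = 64   # seconds per time-counter tick (assumption)
MAX_AGE_TICKS = 1     # accept cookies from the current or the previous tick


def _mac24(saddr, sport, daddr, dport, t):
    """24-bit keyed MAC over the connection 4-tuple and the time counter."""
    msg = struct.pack("!4sH4sHB", saddr, sport, daddr, dport, t)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(saddr, sport, daddr, dport, peer_mss, now):
    """Return the ISN to place in the SYN-ACK. Nothing is stored on the
    server: the cookie itself carries the time counter, MSS bucket and MAC."""
    t = (now // COUNTER_PERIOD) & 0x1F              # 5-bit time counter
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):               # largest bucket <= peer MSS
        if m <= peer_mss:
            mss_idx = i
    return (t << 27) | (mss_idx << 24) | _mac24(saddr, sport, daddr, dport, t)


def check_cookie(saddr, sport, daddr, dport, ack_num, now):
    """Validate the client's final ACK. Returns the negotiated MSS if the
    cookie is genuine and fresh, otherwise None (the ACK is dropped)."""
    cookie = (ack_num - 1) & 0xFFFFFFFF             # client ACKs our ISN + 1
    t = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    current = (now // COUNTER_PERIOD) & 0x1F
    if ((current - t) & 0x1F) > MAX_AGE_TICKS:      # stale or replayed cookie
        return None
    expected = _mac24(saddr, sport, daddr, dport, t)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


def handshake_demo():
    """Walk one legitimate handshake plus two bogus ACKs; returns the outcomes."""
    client = b"\xc0\x00\x02\x0a"   # 192.0.2.10  (constructed, documentation range)
    server = b"\xc6\x33\x64\x05"   # 198.51.100.5 (constructed)
    now = 1_000_000
    # 1. SYN arrives: the server answers with a cookie ISN and forgets the SYN.
    isn = make_cookie(client, 40000, server, 443, 1460, now)
    # 2. The real client ACKs isn+1 a few seconds later: accepted, MSS recovered.
    ok = check_cookie(client, 40000, server, 443, (isn + 1) & 0xFFFFFFFF, now + 3)
    # 3. A guessed ACK number from the same 4-tuple. Its counter field is
    #    chosen to match the current tick so the MAC check is what rejects it.
    forged = check_cookie(client, 40000, server, 443, 0x48ABCDF0, now + 3)
    # 4. A genuine ACK that arrives long after the cookie's window: rejected.
    stale = check_cookie(client, 40000, server, 443, (isn + 1) & 0xFFFFFFFF,
                         now + 10 * COUNTER_PERIOD)
    return ok, forged, stale


if __name__ == "__main__":
    print(handshake_demo())
```

Between `make_cookie` and `check_cookie` the server holds no per-connection memory, which is exactly why a flood of SYNs cannot exhaust the half-open queue; the cost is that TCP options not encoded in the cookie (window scaling, SACK) are lost for cookie-validated connections, which is why real stacks only switch to cookies once the queue is under pressure.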