From owner-freebsd-security  Mon Sep 23 05:00:25 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id FAA01575
          for security-outgoing; Mon, 23 Sep 1996 05:00:25 -0700 (PDT)
Received: from root.com (implode.root.com [198.145.90.17])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA01554
          for <freebsd-security@freebsd.org>; Mon, 23 Sep 1996 05:00:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.5/8.6.5) with SMTP id FAA01684; Mon, 23 Sep 1996 05:00:19 -0700 (PDT)
Message-Id: <199609231200.FAA01684@root.com>
X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: "Basti, Zoltan" <zbs@kamila.softec.sk>
cc: "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject: Re: SYN attack detection 
In-reply-to: Your message of "Mon, 23 Sep 1996 12:28:16 +0200."
             <c=US%a=_%p=Softec%l=KAMILA-960923102816Z-8@kamila.softec.sk> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Mon, 23 Sep 1996 05:00:19 -0700
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Paul Traina in his announcement about the recent
>SYN flooding attack writes that the command
>
> % netstat -s | grep "listen queue overflows"
>
>will help attack detection.
>
>I'm running FreeBSD 2.1.0-RELEASE and don't seem to
>have 'listen queue overflows' in netstat -s.
>Is this in newer releases only or what am i missing?

   Yes. It's in both -current and -stable, but not in 2.1.0 or 2.1.5.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project