Date: Sat, 13 Nov 1999 19:22:38 -0800
From: "Mark D. Anderson"
To: freebsd-security@FreeBSD.ORG
Subject: SYN flood and freebsd?
Message-ID: <1923120592.942520958@MDAXKE>

i've searched around deja and freebsd.org and come up wanting (email archives rarely show resolutions...).

what is the current status in stable and latest regarding defense against SYN flood, and how is it implemented?

i found some discussion regarding the inadequacy of the "SYN cookie" defense added to linux -- i couldn't make out whether that fix has actually been withdrawn from linux or not. i also didn't find an explanation of exactly what was bad about it -- something about firewalls or NAT. and openbsd has apparently settled on a random dropping of old half-open connections.

appreciate some clarification on this, as well as pointers to where answers to things like this might be found, for those of us who don't want to run grep through kernel sources.

-mda