Date:      Wed, 26 Feb 1997 12:31:49 -0700 (MST)
From:      Marc Slemko <marcs@znep.com>
To:        Simon <admin@scruz.net>
Cc:        security@FreeBSD.ORG
Subject:   Re: [SCZ-34647] Patch for SYN flooding
Message-ID:  <Pine.BSF.3.95.970226122825.1257C-100000@alive.znep.com>
In-Reply-To: <199702261818.KAA20073@scruz.net>


If you run 2.1-stable or 2.2 it is already there.  I think it was in
2.1.6 (err... the second 2.1.6 I think), and it is in 2.1.7.  If you run
2.1.x, keeping up to date with the -stable tree is always good.  There are
few modifications to that tree, but important things like security fixes
are made there a lot of the time.

It implements oldest early drop, so that when the queue fills up it drops
the oldest uncompleted connection.  I think it makes a half-hearted
attempt at random early drop when the rate gets very high, but that is
horribly inefficient and will remain that way until that queue is moved
into a hash table from a linked list.  Works reasonably well, although you
may want to bump up somaxconn and the backlog param in the listen() call
of your server depending on your situation.

On Wed, 26 Feb 1997, Simon wrote:

> Hi,
> 
> We're an ISP in Santa Cruz, California that runs FreeBSD on some of our 
> servers.  We occasionally experience unintentional SYN flooding attacks
> due to uni-directional routing or similar problems.  We understand that
> there is a patch available that addresses the SYN flooding problem.  We
> would like to get information about this patch, what it does,
> and where we can find it.  We'd appreciate any information you can give
> us.
> 
> Thanks,
> Simon
> scruznet network operations
> 
> -----------------------------------------------------------------------------
> Scruz-Net, Inc. * (800) 319-5555 * (408) 457-5050 * FAX: (408) 457-1020
> admin@scruz.net
> 
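
The oldest-drop behaviour described in the reply above, as an added illustration that is not part of the original message and is not FreeBSD kernel code: a simplified C model of a listen socket's incomplete-connection queue kept as a linked list. All names and sample addresses are hypothetical or constructed; the model shows that a handshake survives only while fewer than `limit` newer SYNs arrive before its final ACK, which is why a larger backlog helps.

```c
#include <stdint.h>
#include <stdlib.h>
/* Simplified model, not FreeBSD kernel code; all names are hypothetical. */
struct syn_entry { uint32_t src; struct syn_entry *next; };
struct syn_queue { struct syn_entry *head, *tail; int len, limit; }; /* head = oldest */

/* SYN received: when the queue is full, evict the oldest half-open entry. */
int syn_enqueue(struct syn_queue *q, uint32_t src)
{
    struct syn_entry *e = malloc(sizeof *e);
    if (e == NULL) return -1;
    if (q->len >= q->limit && q->head != NULL) {
        struct syn_entry *old = q->head;
        q->head = old->next;
        if (q->head == NULL) q->tail = NULL;
        free(old); q->len--;
    }
    e->src = src; e->next = NULL;
    if (q->tail != NULL) q->tail->next = e; else q->head = e;
    q->tail = e;
    q->len++;
    return 0;
}

/* Final ACK received: linear walk of the list; returns 1 if still queued. */
int syn_complete(struct syn_queue *q, uint32_t src)
{
    struct syn_entry *prev = NULL, *e;
    for (e = q->head; e != NULL; prev = e, e = e->next) {
        if (e->src != src) continue;
        if (prev != NULL) prev->next = e->next; else q->head = e->next;
        if (q->tail == e) q->tail = prev;
        free(e); q->len--;
        return 1;
    }
    return 0;
}

/* A client's SYN, then `others` unanswered SYNs, then the client's ACK. */
int client_survives(int limit, int others)
{
    struct syn_queue q = { NULL, NULL, 0, limit };
    int i, ok;
    syn_enqueue(&q, 0xC0000201u);              /* constructed: 192.0.2.1 */
    for (i = 0; i < others; i++) syn_enqueue(&q, 0xC6336400u + (uint32_t)i); /* constructed */
    ok = syn_complete(&q, 0xC0000201u);
    while (q.head != NULL) syn_complete(&q, q.head->src); /* free the rest */
    return ok;
}
```

With a limit of 128, `client_survives(128, 127)` returns 1 and `client_survives(128, 128)` returns 0; the list walk in `syn_complete` is the linear cost that a hash table would remove.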



