From owner-freebsd-hackers Wed Sep 25 07:31:42 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA17726 for hackers-outgoing; Wed, 25 Sep 1996 07:31:42 -0700 (PDT)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA17690 for ; Wed, 25 Sep 1996 07:31:37 -0700 (PDT)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id JAA08005; Wed, 25 Sep 1996 09:30:19 -0500
From: Joe Greco
Message-Id: <199609251430.JAA08005@brasil.moneng.mei.com>
Subject: Re: Random drop solves SYN flooding problems
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Wed, 25 Sep 1996 09:30:19 -0500 (CDT)
Cc: hackers@freebsd.org
In-Reply-To: <199609250716.QAA08059@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Sep 25, 96 04:46:23 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Michael Dillon stands accused of saying:
> > first attempt. For example, at 1200 bogus SYNs/sec and the IRIX 6.3
> > telnet listen queue of 383, there should be no trouble with peers
> > with RTT up to about 300 milliseconds. I've tested with a telnet
> > client 250 milliseconds away while simultaneously bombing the machine
> > from nearby with ~1200 SYNs/sec, and see no telnet TCP retransmissions.
>
> Yeah, great if you and all your clients are in the continental USA and have
> unloaded high-speed links to you. 250ms is about the rtt of a 14k link
> using 'average' modems. Stuff the rest of the world of course. 8(

Better to be only mildly crippled (the way I understand it, your _chances_
are still pretty good with a low speed link, but I have not hacked this
type of change into FreeBSD and tried it yet)..

... JG
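
Added example, not part of the original message and not FreeBSD or IRIX code: a small model of how likely a legitimate half-open connection is to still be in a full listen queue when its ACK arrives one RTT later, using the figures quoted above (queue of 383, ~1200 SYNs/sec). The two eviction policies, the independence of retries, and all function names are assumptions made for illustration.

```python
import random

def survival_random_drop(queue_len, syn_rate, rtt):
    """P(one half-open entry is still queued after rtt seconds), assuming the
    queue is full and every arriving SYN evicts one uniformly random entry."""
    return (1.0 - 1.0 / queue_len) ** (syn_rate * rtt)

def survival_drop_oldest(queue_len, syn_rate, rtt):
    """Same question when the oldest entry is evicted instead: the entry
    lasts exactly until queue_len newer SYNs have arrived."""
    return 1.0 if syn_rate * rtt < queue_len else 0.0

def connect_probability(p_single, attempts):
    """P(at least one of `attempts` SYN (re)transmissions completes),
    treating attempts as independent (a simplifying assumption)."""
    return 1.0 - (1.0 - p_single) ** attempts

def simulate_random_drop(queue_len, syn_rate, rtt, trials=5000, seed=1):
    """Monte Carlo check of survival_random_drop()."""
    rng = random.Random(seed)
    arrivals = round(syn_rate * rtt)
    survived = 0
    for _ in range(trials):
        # The legitimate entry sits in slot 0; each bogus SYN evicts one slot.
        if all(rng.randrange(queue_len) != 0 for _ in range(arrivals)):
            survived += 1
    return survived / trials

if __name__ == "__main__":
    QUEUE, RATE = 383, 1200          # figures quoted in the message
    print("RTT(s)  oldest  random  random, 3 tries  simulated")
    for rtt in (0.05, 0.25, 0.30, 0.50):   # 0.05 and 0.50 are constructed
        p = survival_random_drop(QUEUE, RATE, rtt)
        print(f"{rtt:5.2f}  {survival_drop_oldest(QUEUE, RATE, rtt):6.2f}"
              f"  {p:6.3f}  {connect_probability(p, 3):15.3f}"
              f"  {simulate_random_drop(QUEUE, RATE, rtt):9.3f}")
```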