Date:      Sat, 11 Jan 2003 19:14:30 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        Josh Brooks <user@mail.econolodgetulsa.com>
Cc:        Richard A Steenbergen <ras@e-gerbil.net>, "" <freebsd-net@FreeBSD.ORG>
Subject:   Re: What is my next step as a script kiddie ? (DDoS)
Message-ID:  <20030111191108.L19841-100000@patrocles.silby.com>
In-Reply-To: <20030111150725.E78856-100000@mail.econolodgetulsa.com>
References:  <20030111150725.E78856-100000@mail.econolodgetulsa.com>


On Sat, 11 Jan 2003, Josh Brooks wrote:

> Thanks for your help - two last questions regarding this:
>
> 1. On a FreeBSD router/firewall, does it take more processing power to
> respond to (and reset) a SYN to a target IP:port that is nonexistent than
> it does to respond to a target IP:port that is in heavy use ?
>
> that is, is there some caching mechanism in use that makes incoming DoS
> packets to _already busy_ IP:ports "cost less" in terms of processor than
> SYN packets to IP:ports that don't exist ?  Just curious.

Handling random packets to unused ports is far easier for the computer to
handle.  By default the first 200 or so are responded to, and the rest are
just ignored.

On the other hand, a SYN flood targeting an active port is another story.
The host must assume that all incoming packets are legitimate, and can't
just throw some away.

You're going to need to do more reading.  Serious attackers are already 5
miles ahead of you.  No, I'm not going to say how, I don't want to give
the script kiddies ideas about FreeBSD's weaknesses. :)

Mike "Silby" Silbersack
