Date: Sun, 29 Feb 2004 00:13:21 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Don Bowman <don@sandvine.com>
Cc: freebsd-hackers@freebsd.org
Subject: RE: em0, polling performance, P4 2.8ghz FSB 800mhz
Message-ID: <20040229001251.Q11460@odysseus.silby.com>
In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337045D8307@mail.sandvine.com>
References: <FE045D4D9F7AED4CBFF1B3B813C85337045D8307@mail.sandvine.com>
On Sat, 28 Feb 2004, Don Bowman wrote:

> You could use ipfw to limit the damage of a syn flood, e.g.
> a keep-state rule with a limit of ~2-5 per source IP, lower the
> timeouts, increase the hash buckets in ipfw, etc. This would
> use a mask on src-ip of all bits.
> something like:
> allow tcp from any to any setup limit src-addr 2
>
> this would only allow 2 concurrent TCP sessions per unique
> source address. Depends on the syn flood you are expecting
> to experience. You could also use dummynet to shape syn
> traffic to a fixed level i suppose.

Does that really help? If so, we need to optimize the syncache. :(

Mike "Silby" Silbersack
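An added example, not code posted by either Don or Mike, of the mitigation Don sketches: an ipfw ruleset with the per-source-address session limit, a shorter lifetime for half-open dynamic rules, a larger dynamic-rule hash table, and a dummynet pipe that caps inbound SYNs. The numeric values, rule numbers, and the IPFW/SYSCTL dry-run variables are assumptions; the sysctl names and ipfw syntax are FreeBSD's.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw SYN-flood damage limiting.
# IPFW/SYSCTL default to the real tools; set IPFW=echo SYSCTL=echo for a dry run.
IPFW="${IPFW:-ipfw}"
SYSCTL="${SYSCTL:-sysctl}"

# Tunables; the values are illustrative assumptions, not from the thread.
PER_SRC_LIMIT="${PER_SRC_LIMIT:-2}"        # concurrent tracked sessions per source IP
DYN_BUCKETS="${DYN_BUCKETS:-4096}"         # dynamic-rule hash buckets (must be a power of two)
DYN_SYN_LIFETIME="${DYN_SYN_LIFETIME:-5}"  # seconds a half-open (SYN-only) dynamic rule lives
SYN_BW="${SYN_BW:-256Kbit/s}"              # dummynet bandwidth cap for inbound SYNs

# Tune the keep-state engine before loading rules: more buckets keep lookups
# cheap under a flood, a short SYN lifetime expires abandoned handshakes fast.
tune_dyn_state() {
    $SYSCTL net.inet.ip.fw.dyn_buckets="$DYN_BUCKETS"
    $SYSCTL net.inet.ip.fw.dyn_syn_lifetime="$DYN_SYN_LIFETIME"
}

# 'limit src-addr N' masks on all bits of the source address, so each unique
# client may hold at most N tracked sessions; further SYNs from it are refused.
load_syn_limit_rules() {
    $IPFW add 1000 check-state
    $IPFW add 1010 allow tcp from any to any setup limit src-addr "$PER_SRC_LIMIT"
    $IPFW add 1020 allow tcp from any to any established
}

# Optional complement: shape inbound SYN traffic to a fixed rate with dummynet,
# so a flood cannot saturate the syncache no matter how many sources it uses.
load_syn_shaping_rules() {
    $IPFW pipe 1 config bw "$SYN_BW"
    $IPFW add 900 pipe 1 tcp from any to any setup in
}

main() {
    tune_dyn_state
    load_syn_shaping_rules
    load_syn_limit_rules
}

# Only touch the running firewall when explicitly asked: ./synlimit.sh apply
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Run with `IPFW=echo SYSCTL=echo sh synlimit.sh apply` to review the rules before loading them on a real host.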