From owner-freebsd-hackers@FreeBSD.ORG Sat Feb 28 22:13:25 2004
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A4E016A4CE for ; Sat, 28 Feb 2004 22:13:25 -0800 (PST)
Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 82DC143D2F for ; Sat, 28 Feb 2004 22:13:24 -0800 (PST) (envelope-from silby@silby.com)
Received: (qmail 29221 invoked from network); 29 Feb 2004 06:13:23 -0000
Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 29 Feb 2004 06:13:23 -0000
X-pair-Authenticated: 209.68.2.70
Date: Sun, 29 Feb 2004 00:13:21 -0600 (CST)
From: Mike Silbersack
To: Don Bowman
In-Reply-To:
Message-ID: <20040229001251.Q11460@odysseus.silby.com>
References:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-hackers@freebsd.org
Subject: RE: em0, polling performance, P4 2.8ghz FSB 800mhz
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 29 Feb 2004 06:13:25 -0000

On Sat, 28 Feb 2004, Don Bowman wrote:

> You could use ipfw to limit the damage of a syn flood, e.g.
> a keep-state rule with a limit of ~2-5 per source IP, lower the
> timeouts, increase the hash buckets in ipfw, etc. This would
> use a mask on src-ip of all bits.
> Something like:
> allow tcp from any to any setup limit src-addr 2
>
> This would only allow 2 concurrent TCP sessions per unique
> source address. Depends on the syn flood you are expecting
> to experience. You could also use dummynet to shape syn
> traffic to a fixed level, I suppose.

Does that really help? If so, we need to optimize the syncache. :(

Mike "Silby" Silbersack
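The per-source limit discussed in the quoted rule (`limit src-addr 2`, a source mask of all bits, and a shorter state timeout) can be modelled to see what it does and does not cap. The following is an added Python example, not code from this thread or from ipfw: it keeps a simplified version of ipfw's dynamic-rule table keyed by source address, expires entries after a constructed SYN lifetime, and runs two constructed traffic samples through it. The lifetime value, the traffic samples and the `DynamicTable` class are assumptions made for the illustration.

```python
"""Model of an ipfw-style per-source connection limit (``limit src-addr N``).

Added example, not code from the thread or from ipfw. It simulates the
dynamic-rule table that a ``keep-state``/``limit`` rule maintains so the
effect of the limit and of a shorter SYN lifetime can be observed on
constructed traffic. SYN_LIFETIME is a hypothetical stand-in for the
ipfw timeout the thread suggests lowering.
"""
from collections import defaultdict

SYN_LIFETIME = 20   # seconds an unanswered SYN state lives (constructed value)
LIMIT_PER_SRC = 2   # "limit src-addr 2" from the quoted rule


class DynamicTable:
    """Per-source table of tracked sessions, each with an expiry time."""

    def __init__(self, limit=LIMIT_PER_SRC, lifetime=SYN_LIFETIME):
        self.limit = limit
        self.lifetime = lifetime
        # src address -> list of expiry timestamps, one per tracked session
        self.sessions = defaultdict(list)

    def _expire(self, now):
        """Drop sessions whose lifetime has elapsed (timeout-driven cleanup)."""
        for src in list(self.sessions):
            live = [exp for exp in self.sessions[src] if exp > now]
            if live:
                self.sessions[src] = live
            else:
                del self.sessions[src]

    def syn(self, src, now):
        """Return True if a SYN from src at time now is allowed by the limit."""
        self._expire(now)
        if len(self.sessions[src]) >= self.limit:
            return False
        self.sessions[src].append(now + self.lifetime)
        return True


def simulate(events, limit=LIMIT_PER_SRC, lifetime=SYN_LIFETIME):
    """Run (time, src) SYN events through the table; return (allowed, denied)."""
    table = DynamicTable(limit, lifetime)
    allowed = denied = 0
    for now, src in sorted(events):
        if table.syn(src, now):
            allowed += 1
        else:
            denied += 1
    return allowed, denied


# Constructed traffic samples (not captured data).
SINGLE_SOURCE_FLOOD = [(t, "10.0.0.1") for t in range(10)]   # 10 SYNs, one source
SPOOFED_FLOOD = [(0, f"10.0.1.{i}") for i in range(1, 11)]    # 10 distinct sources


if __name__ == "__main__":
    # One source is capped at the limit; a shorter lifetime frees slots sooner.
    print("single source, lifetime 20:", simulate(SINGLE_SOURCE_FLOOD))
    print("single source, lifetime 5: ", simulate(SINGLE_SOURCE_FLOOD, lifetime=5))
    # Distinct sources each get their own allowance, so the limit does not
    # reduce this sample at all; that is the case the syncache has to absorb.
    print("ten distinct sources:      ", simulate(SPOOFED_FLOOD))
```

The model shows why the answer to "does that really help" depends on the flood: a per-source limit with an all-bits source mask caps each address individually, so it bounds traffic from a few sources but does nothing for a flood spread over many distinct addresses, which is the case the syncache itself has to handle.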