From owner-freebsd-hackers Thu Sep 12 10:16:00 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA16797 for hackers-outgoing; Thu, 12 Sep 1996 10:16:00 -0700 (PDT)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA16772 for ; Thu, 12 Sep 1996 10:15:58 -0700 (PDT)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <15737(4)>; Thu, 12 Sep 1996 10:14:21 PDT
Received: from localhost ([127.0.0.1]) by crevenia.parc.xerox.com with SMTP id <177595>; Thu, 12 Sep 1996 10:13:49 -0700
X-Mailer: exmh version 1.6.7 5/3/96
To: Karl Denninger
cc: michael@memra.com (Michael Dillon), freebsd-hackers@freebsd.org
Subject: Re: SYN Resisting (fwd)
In-reply-to: Your message of "Wed, 11 Sep 1996 12:39:57 PDT." <199609111939.OAA02328@Jupiter.mcs.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 12 Sep 1996 10:13:34 PDT
From: Bill Fenner
Message-Id: <96Sep12.101349pdt.177595@crevenia.parc.xerox.com>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I think that TCPTV_KEEP_INIT should be a sysctl variable, so that when someone is syn flooding you you can reduce it as low as you want, but when they're not you can leave it high so that people far away can connect to you. Perhaps the "unlimited so_q0len" should also be a sysctl ('tho "unlimited" is probably pretty dangerous in itself...).

  Bill
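
The trade-off raised in the message above, as an added example that is not part of Bill Fenner's message or of the FreeBSD source: a tick-based model of a listen socket's incomplete-connection queue, showing how a handshake timer and a queue cap change the memory held under a SYN flood and the fate of slow legitimate clients. The function `simulate`, its parameters, and all rates and timings are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAXT 600                 /* longest run, in 1-second ticks */
struct result { int peak_q0, legit_ok, legit_lost; };

/* keep_init: seconds a half-open entry may wait (the role of TCPTV_KEEP_INIT)
 * q0limit:   cap on half-open entries, 0 = unlimited
 * flood:     spoofed SYNs per second that never complete
 * legit_hs:  seconds one legitimate client needs to finish its handshake
 * One legitimate SYN arrives per tick, ahead of that tick's flood burst. */
struct result simulate(int keep_init, int q0limit, int flood, int legit_hs, int secs)
{
    static int flood_in[MAXT], legit_in[MAXT];
    struct result r = {0, 0, 0};
    int q = 0;
    if (secs > MAXT) secs = MAXT;
    memset(flood_in, 0, sizeof flood_in);
    memset(legit_in, 0, sizeof legit_in);
    for (int t = 0; t < secs; t++) {
        /* Timer expiry: flood entries admitted keep_init seconds ago leave. */
        if (t >= keep_init) q -= flood_in[t - keep_init];
        /* A legitimate entry leaves when it completes or when the timer fires. */
        int life = legit_hs < keep_init ? legit_hs : keep_init;
        if (t >= life && legit_in[t - life]) {
            q--;
            if (legit_hs < keep_init) r.legit_ok++; else r.legit_lost++;
        }
        /* New legitimate SYN, then the flood, both subject to the cap. */
        if (q0limit == 0 || q < q0limit) { legit_in[t] = 1; q++; }
        else r.legit_lost++;
        int admit = flood;
        if (q0limit != 0 && q + admit > q0limit) admit = q0limit - q;
        flood_in[t] = admit;
        q += admit;
        if (q > r.peak_q0) r.peak_q0 = q;
    }
    return r;
}

int main(void)
{
    /* Constructed settings: {keep_init seconds, q0limit}; 100 SYN/s flood, 6 s handshake. */
    int cfg[3][2] = { {75, 0}, {3, 0}, {75, 128} };
    for (int i = 0; i < 3; i++) {
        struct result r = simulate(cfg[i][0], cfg[i][1], 100, 6, 300);
        printf("keep_init=%2ds limit=%3d peak=%4d ok=%3d lost=%3d\n",
               cfg[i][0], cfg[i][1], r.peak_q0, r.legit_ok, r.legit_lost);
    }
    return 0;
}
```

In this model a long timer with no cap lets every slow client in but holds thousands of half-open entries, a short timer keeps the queue small but drops every client slower than the timer, and a cap bounds memory at the cost of refusing legitimate SYNs while the queue is full.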