Date: Fri, 27 Sep 1996 13:36:38 PDT
From: Bill Fenner <fenner@parc.xerox.com>
To: guido@gvr.win.tue.nl (Guido van Rooij)
Cc: apg@demos.net (Paul Antonov), hackers@freebsd.org
Subject: Re: patch against SYN floods (RED impl.)
Message-ID: <96Sep27.133646pdt.177476@crevenia.parc.xerox.com>
In-Reply-To: Your message of "Fri, 27 Sep 96 12:37:52 PDT." <199609271937.VAA02005@gvr.win.tue.nl>
In message <199609271937.VAA02005@gvr.win.tue.nl> you write:
>Seeing your patch: isn't it much quicker to walk down the so_q0 list and
>get the pcb's from there?

Not only that, but it's relatively dangerous to use information supplied
by the attacker as part of your "random" number.  For example, the
attacker could vary his initial sequence number by tv_usec / 33 and keep
the "random" number constant.

The "oldest-drop" code in -current works well for moderate attack rates;
a "random-drop" mode works better for a heavy attack.  The best thing
would be an automatic switch based upon the rate of queue drops.

  Bill
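The following is an added simulation, not code from this thread or from the FreeBSD tree, that puts numbers behind the two points Bill makes above: a "random" victim index that the attacker can steer degenerates into a policy the attacker chooses, and oldest-drop holds up at moderate SYN rates but collapses under a heavy flood where random-drop still lets some connections through, so switching on the observed drop rate gets the best of both. The queue model (a fixed array of QSIZE half-open entries standing in for so_q0), the tick parameters, the attack rates and the "attacker-steered" scheme (victim = ISN mod QSIZE, with the attacker sweeping its ISN) are all constructed assumptions; the actual patch under discussion is not shown on this page and the steered scheme is only a stand-in for any selector that mixes attacker-supplied fields into its randomness.

```c
/* syn_queue_sim.c: toy half-open (SYN_RECEIVED) queue under a SYN flood,
 * comparing drop policies.  Added example; all parameters are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QSIZE        128   /* slots in the half-open queue (so_q0 analogue)  */
#define RTT           50   /* ticks a legitimate peer needs to send its ACK   */
#define LEGIT_EVERY    5   /* one legitimate SYN every 5 ticks                */
#define TICKS       2500   /* length of a run                                 */
#define WARMUP       500   /* score only SYNs arriving after the queue fills  */
#define DROP_SWITCH    2   /* adaptive: >2 evictions/tick => random-drop      */

enum policy { OLDEST_DROP, RANDOM_DROP, ATTACKER_STEERED, ADAPTIVE };

struct entry { int used, legit; long arrived; };

struct sim {
    enum policy policy;
    struct entry q[QSIZE];
    uint64_t rng;            /* private PRNG state, never derived from packets */
    uint32_t attack_isn;     /* attacker's ISN counter: it sweeps 0,1,2,...     */
    int drops_this_tick, drops_last_tick;
};

/* xorshift64; the point is only that its state is invisible to the peer. */
static uint64_t rng_next(struct sim *s)
{
    uint64_t x = s->rng;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return s->rng = x;
}

/* A SYN arrives: take a free slot, or evict a victim chosen by policy. */
static void arrive(struct sim *s, int legit, uint32_t isn, long now)
{
    int i, victim = -1;
    for (i = 0; i < QSIZE; i++)
        if (!s->q[i].used) { victim = i; break; }
    if (victim < 0) {
        enum policy p = s->policy;
        if (p == ADAPTIVE)       /* switch on the eviction rate of the last tick */
            p = s->drops_last_tick > DROP_SWITCH ? RANDOM_DROP : OLDEST_DROP;
        if (p == OLDEST_DROP) {  /* -current style: evict the oldest entry */
            victim = 0;
            for (i = 1; i < QSIZE; i++)
                if (s->q[i].arrived < s->q[victim].arrived) victim = i;
        } else if (p == RANDOM_DROP) {
            victim = (int)(rng_next(s) % QSIZE);
        } else {                 /* hypothetical "random" index fed from the
                                    attacker-controlled ISN: the attacker sweeps
                                    the ISN and thereby picks every victim */
            victim = (int)(isn % QSIZE);
        }
        s->drops_this_tick++;
    }
    s->q[victim].used = 1;
    s->q[victim].legit = legit;
    s->q[victim].arrived = now;
}

/* Fraction of scored legitimate SYNs that survive long enough to complete. */
double run(enum policy p, int attack_per_tick)
{
    struct sim s;
    long t, offered = 0, completed = 0;
    int i, k;
    memset(&s, 0, sizeof s);
    s.policy = p;
    s.rng = 0x9E3779B97F4A7C15ull;         /* fixed seed: runs are repeatable */
    for (t = 0; t < TICKS; t++) {
        s.drops_this_tick = 0;
        for (i = 0; i < QSIZE; i++)         /* legitimate peers send their ACK */
            if (s.q[i].used && s.q[i].legit && s.q[i].arrived + RTT <= t) {
                s.q[i].used = 0;
                if (s.q[i].arrived >= WARMUP) completed++;
            }
        if (t % LEGIT_EVERY == 0) {
            if (t >= WARMUP && t + RTT < TICKS) offered++;
            arrive(&s, 1, (uint32_t)rng_next(&s), t);
        }
        for (k = 0; k < attack_per_tick; k++) /* flood SYNs never complete */
            arrive(&s, 0, s.attack_isn++, t);
        s.drops_last_tick = s.drops_this_tick;
    }
    return (double)completed / (double)offered;
}

int main(void)
{
    static const char *name[] = { "oldest-drop", "random-drop",
                                  "attacker-steered", "adaptive" };
    int rate[] = { 1, 4 }, p, r;             /* moderate and heavy SYN rates */
    printf("%-18s %8s %8s\n", "policy", "moderate", "heavy");
    for (p = 0; p < 4; p++) {
        printf("%-18s", name[p]);
        for (r = 0; r < 2; r++) printf(" %8.2f", run((enum policy)p, rate[r]));
        printf("\n");
    }
    return 0;
}
```

With these constructed parameters oldest-drop keeps every legitimate connection at one flood SYN per tick (an entry outlives the queue's turnover before its ACK arrives) and none at four per tick, where the queue turns over in about 25 ticks; random-drop loses some connections at the moderate rate but keeps a steady share under the heavy one, since each flood SYN evicts a given entry with probability only 1/QSIZE; the attacker-steered selector matches oldest-drop under the heavy flood, because the swept ISN walks every slot within QSIZE arrivals; and the adaptive mode tracks whichever of the two honest policies is winning.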
