From owner-freebsd-hackers Thu Sep 12 17:14:55 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA14715 for hackers-outgoing; Thu, 12 Sep 1996 17:14:55 -0700 (PDT)
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA14710 for ; Thu, 12 Sep 1996 17:14:52 -0700 (PDT)
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id RAA07902; Thu, 12 Sep 1996 17:13:14 -0700
From: Terry Lambert
Message-Id: <199609130013.RAA07902@phaeton.artisoft.com>
Subject: Re: SYN Resisting (fwd)
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Thu, 12 Sep 1996 17:13:14 -0700 (MST)
Cc: terry@lambert.org, fenner@parc.xerox.com, karl@mcs.net, avalon@coombs.anu.edu.au, freebsd-hackers@FreeBSD.org, koshy@india.hp.com
In-Reply-To: <199609122319.QAA05189@coyote.Artisoft.COM> from "Darren Reed" at Sep 13, 96 09:18:40 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> I suspect that most NSP's in the USA don't provide international access.

All NSP's in the US connect to a NAP, or they aren't NSP's. So there are international interconnects for all of them, since you go international at the NAP's as well.

Neither here nor there for the discussion, though. 8-).

> The point being, when your network is all peachy from end to end, having
> low timeouts is (maybe) acceptable, but when your endpoints are in
> diverse locations and throughput is not 100%, who is really winning ?
>
> If the attacker is trying to cause denial of service, then it may be
> achieved by the other end when they make it harder for real users to
> connect quick enough.
>
> To my thinking, this is a silly solution (but a reasonable patch for the
> sysctl :) to the SYN problem. The problem must and can only be fixed
> with correct filtering by all ISPs so long as we use the current IP.

Here we agree. If the point of your argument about bad traffic was that the SYN "patch" didn't consider all of the larger issues, then I agree 100%.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.