Date:      Fri, 27 Sep 1996 15:20:07 -0700 (PDT)
From:      "Jonathan M. Bresler" <jmb>
To:        apg@demos.net (Paul Antonov)
Cc:        fenner@parc.xerox.com, guido@gvr.win.tue.nl, apg@demos.net, hackers@freebsd.org
Subject:   Re: patch against SYN floods (RED impl.)
Message-ID:  <199609272220.PAA02260@freefall.freebsd.org>
In-Reply-To: <oFyy3JouB0@dream.demos.su> from "Paul Antonov" at Sep 28, 96 00:55:24 am

Paul Antonov wrote:
> 
> In message <96Sep27.133646pdt.177476@crevenia.parc.xerox.com> Bill
>     Fenner writes:
> 
> >Not only that, but it's relatively dangerous to use information supplied
> >by the attacker as part of your "random" number.  For example, the attacker
> >could vary his initial sequence number by tv_usec / 33 and keep the
> >"random" number constant.
> 
> Yes, I agree that a better random function is necessary. My own test flood
> generator uses random seq's - it's too good :) Any ideas?
> 
> >The "oldest-drop" code in -current works well for moderate attack rates;
> >a "random-drop" mode works better for a heavy attack.  The best thing
> >would be an automatic switch based upon the rate of queue drops.
> 
> Mmm, I just tested - only 10 syns/sec bring down 2.2-current with default
> listen() queue parameters, and even 100 doesn't do anything noticeable
> with the above patch. 'oldest-drop' introduces too strong RTT discrimination.
> No problem when you're on the same ethernet, but when you're at home ...;-)

	which version of tcp_input.c and sys/socket.h are you using?
	can you provide the output of "uname -a" ??

	what is "bring down 2.2-current"??  render that server unusable
	or crash the computer or ??

jmb
--
Jonathan M. Bresler           FreeBSD Postmaster             jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/
PGP 2.6.2 Fingerprint:      31 57 41 56 06 C1 40 13  C5 1C E3 E5 DC 62 0E FB
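
The trade-off between "oldest-drop" and "random-drop" discussed in the quoted text, as an added example that is not part of the original message or of the FreeBSD code: a small model of a full listen queue under a steady flood, measuring how often a legitimate half-open entry is still queued when the client's ACK returns one RTT later. Assumptions: the backlog size, flood rate and RTT values are constructed, the queue is already full when the legitimate SYN arrives, and timeouts and retransmissions are ignored.

```python
import random

def ack_survival(policy, backlog, flood_rate, rtt, trials=1000, seed=1996):
    """Fraction of legitimate half-open entries still queued when the
    client's ACK arrives `rtt` seconds after its SYN was queued."""
    rng = random.Random(seed)             # fixed seed: repeatable runs
    arrivals = round(flood_rate * rtt)    # flood SYNs arriving within one RTT
    survived = 0
    for _ in range(trials):
        # Index 0 is the oldest entry; the legitimate SYN has just been queued.
        queue = ["flood"] * (backlog - 1) + ["legit"]
        for _ in range(arrivals):
            # oldest-drop always evicts the head; random-drop picks any slot.
            victim = 0 if policy == "oldest" else rng.randrange(backlog)
            queue.pop(victim)
            queue.append("flood")
        survived += "legit" in queue
    return survived / trials

if __name__ == "__main__":
    BACKLOG, FLOOD = 128, 100             # assumed values, not from the thread
    for rtt in (0.05, 0.5, 1.0, 2.0):
        print(f"rtt={rtt:4.2f}s",
              f"oldest={ack_survival('oldest', BACKLOG, FLOOD, rtt):.2f}",
              f"random={ack_survival('random', BACKLOG, FLOOD, rtt):.2f}")
```

Under oldest-drop an entry lives for exactly backlog / flood_rate seconds, so clients with a longer RTT never complete the handshake while nearby clients always do; under random-drop the survival probability falls off gradually as (1 - 1/backlog) raised to the number of flood SYNs that arrive during the RTT.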


