From owner-freebsd-hackers  Fri Sep 27 15:20:10 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA02287 for hackers-outgoing; Fri, 27 Sep 1996 15:20:10 -0700 (PDT)
Received: (from jmb@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA02260; Fri, 27 Sep 1996 15:20:07 -0700 (PDT)
From: "Jonathan M. Bresler"
Message-Id: <199609272220.PAA02260@freefall.freebsd.org>
Subject: Re: patch against SYN floods (RED impl.)
To: apg@demos.net (Paul Antonov)
Date: Fri, 27 Sep 1996 15:20:07 -0700 (PDT)
Cc: fenner@parc.xerox.com, guido@gvr.win.tue.nl, apg@demos.net, hackers@freebsd.org
In-Reply-To: from "Paul Antonov" at Sep 28, 96 00:55:24 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Paul Antonov wrote:
>
> In message <96Sep27.133646pdt.177476@crevenia.parc.xerox.com> Bill
> Fenner writes:
>
> >Not only that, but it's relatively dangerous to use information supplied
> >by the attacker as part of your "random" number. For example, the attacker
> >could vary his initial sequence number by tv_usec / 33 and keep the
> >"random" number constant.
>
> Yes, I agree that better random function is necessary. My own test flood
> generator uses random seq's - it's too good :) Any ideas?
>
> >The "oldest-drop" code in -current works well for moderate attack rates;
> >a "random-drop" mode works better for a heavy attack. The best thing
> >would be an automatic switch based upon the rate of queue drops.
>
> Mmm, I just tested - only 10 syns/sec bring down 2.2-current with default
> listen() queue parameters, and even 100 doesn't do anything noticeable
> with the above patch. 'oldest-drop' introduces too strong RTT discrimination.
> No problem when you're on the same ethernet, but when you're at home ...;-)

which version of tcp_input.c and sys/socket.h are you using?
can you provide the output of "uname -a" ??

what is "bring down 2.2-current"??
render that server unusable or crash the computer or ??

jmb
--
Jonathan M. Bresler     FreeBSD Postmaster     jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/
PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB
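
Added example, not part of the original message or of the patch under discussion: a small C model of the "RTT discrimination" the quoted text attributes to oldest-drop, set beside random-drop. The queue length, flood rate, RTT values and function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define QLEN 128 /* assumed size of the half-open (SYN) queue */

/* xorshift32 with a fixed seed so every run is reproducible. */
static uint32_t rng_state = 2463534242u;
static uint32_t rng_next(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/*
 * The queue is full of flood entries. A legitimate SYN has just been
 * queued in slot 0 (the newest entry) and its ACK arrives rtt_ms later.
 * Every flood SYN arriving in between evicts one entry:
 *   random_drop == 0: the oldest entry (slots 1, 2, ..., QLEN-1, 0)
 *   random_drop != 0: a uniformly chosen slot
 * Returns how many of `trials` handshakes still find their entry.
 */
int completed(int random_drop, int flood_pps, int rtt_ms, int trials)
{
    int k = flood_pps * rtt_ms / 1000; /* flood SYNs during one RTT */
    int ok = 0;

    for (int t = 0; t < trials; t++) {
        int head = 1, alive = 1;
        for (int i = 0; i < k && alive; i++) {
            int victim = random_drop ? (int)(rng_next() % QLEN) : head;
            head = (head + 1) % QLEN;
            if (victim == 0) /* slot 0 holds the legitimate entry */
                alive = 0;
        }
        ok += alive;
    }
    return ok;
}

int main(void)
{
    int rtts[] = { 5, 200 }; /* constructed RTTs in ms: LAN vs. slow link */
    for (int i = 0; i < 2; i++)
        printf("rtt=%3dms oldest-drop=%4d random-drop=%4d of 1000\n", rtts[i],
               completed(0, 1000, rtts[i], 1000),
               completed(1, 1000, rtts[i], 1000));
    return 0;
}
```

In this model oldest-drop completes every handshake whose RTT is shorter than QLEN divided by the flood rate and none above it, while random-drop lets roughly (1 - 1/QLEN)^k of them through whatever the RTT.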