From owner-freebsd-hackers  Fri Sep 13 02:35:39 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id CAA08750
          for hackers-outgoing; Fri, 13 Sep 1996 02:35:39 -0700 (PDT)
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA08736
          for <freebsd-hackers@freebsd.org>; Fri, 13 Sep 1996 02:35:22 -0700 (PDT)
Received: (from narvi@localhost) by haldjas.folklore.ee (8.7.5/8.6.12) id MAA01108; Fri, 13 Sep 1996 12:27:16 +0300 (EET DST)
Date: Fri, 13 Sep 1996 12:27:16 +0300 (EET DST)
From: Narvi <narvi@haldjas.folklore.ee>
To: Karl Denninger <karl@Mcs.Net>
cc: A JOSEPH KOSHY <koshy@india.hp.com>, karl@Mcs.Net,
        freebsd-hackers@freebsd.org
Subject: Re: SYN Resisting (fwd)
In-Reply-To: <199609120328.WAA09803@Jupiter.mcs.net>
Message-ID: <Pine.BSF.3.91.960913122353.1037A-100000@haldjas.folklore.ee>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Wed, 11 Sep 1996, Karl Denninger wrote:

> > 
> > >>>> "Karl Denninger" <karl@Mcs.Net> writes
> > 
> > Hi Karl,
> > 
> > > This changes the startup connection timeout to 10 seconds, which should be
> > > more than enough on the Internet of today to prevent dropped links.  75
> > > seconds is only needed if you're running across two pieces of wet string.
> > 
> > I've seen very large startup times when attempting to connect to sundry
> > corners of the globe (> 30-45 seconds).  I think reducing the connection
> > timeout isn't a good idea as it would impact the ability of FreeBSD to
> > connect to distant sites / sites accessible thru the congested links.
> > 
> > Koshy
> 
> Well, unless someone has a better idea, you can choose between that problem
> and the SYN floods.....
> 
> I haven't seen that kind of connect time in a long, long while on the net
> backbones... but then again, I may be better connected here than most.

And people in those corners have similar troubles connecting to the big 
world :-( How about making it to an otion which allows you to *specify* 
the timeout value? The approach of allowing only two modes of operation 
(the present and flood protected) is not too flexible.

	Sander

> 
> --
> --
> Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
> http://www.mcs.net/~karl     | T1 from $600 monthly; speeds to DS-3 available
> 			     | 23 Chicagoland Prefixes, 13 ISDN, much more
> Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
> Fax:   [+1 312 248-9865]     | Home of Chicago's only FULL Clarinet feed!
>