From owner-freebsd-security  Fri Nov  8 10:01:47 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA26421
          for security-outgoing; Fri, 8 Nov 1996 10:01:47 -0800 (PST)
Received: (from jmb@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA26411
          for security; Fri, 8 Nov 1996 10:01:45 -0800 (PST)
From: "Jonathan M. Bresler" <jmb>
Message-Id: <199611081801.KAA26411@freefall.freebsd.org>
Subject: urgent! SYN packet flood tolerance in 2.1.5? (fwd)
To: security
Date: Fri, 8 Nov 1996 10:01:44 -0800 (PST)
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Ian Kallen wrote:
>From ian@ns1.gamespot.com Thu Nov  7 14:36:56 1996
Message-Id: <199611071325.NAA25683@gamespot.com>
Comments: Authenticated sender is <ian@mail.gamespot.com>
From: "Ian Kallen" <ian@gamespot.com>
To: jmb@freebsd.org
Date: Thu, 7 Nov 1996 12:39:33 +0000
Subject: urgent! SYN packet flood tolerance in 2.1.5?
Reply-to: ian@gamespot.com
CC: jkh@time.freebsd.org
Priority: normal
X-mailer: Pegasus Mail for Windows (v2.23)

I saw mention of updates to some of the source and headers for 
2.2-current that should provide better SYN flood tolerance.  Is there 
anyway/recipe that you know of to implement these fixes in 2.1.5?  
I know that DEC and BSDi and others have been publishing patches and 
kernel reconfigs to "harden" their kernels.
One of my machines (ftp.gamespot.com) has been under attack with 
floods to port 21, the originating IP address is presently filtered 
at the router but that filter is going to have to come down.  
Besides, the originator might switch IP addresses soon.  Anyway, if 
you have any suggestions for getting this patched without going to 
the 2.2 branch, I'd really appreciate it.

thanks much in advance
--
Ian Kallen                           ian@gamespot.com
     Director of Technology & Web Administration
            http://www.gamespot.com


-- 
Jonathan M. Bresler           FreeBSD Postmaster             jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/
PGP 2.6.2 Fingerprint:      31 57 41 56 06 C1 40 13  C5 1C E3 E5 DC 62 0E FB