From owner-freebsd-hackers Mon Nov 29 10: 2:40 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.14]) by hub.freebsd.org (Postfix) with ESMTP id 1F2CE15282 for ; Mon, 29 Nov 1999 10:02:37 -0800 (PST) (envelope-from mda@discerning.com) Received: from MDAXKE (cm-24-142-61-115.cableco-op.ispchannel.com [24.142.61.115]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id JAA22882 for ; Mon, 29 Nov 1999 09:59:03 -0800 (PST) Date: Mon, 29 Nov 1999 09:58:20 -0800 From: "Mark D. Anderson" To: freebsd-hackers@freebsd.org Subject: SYN flood and freebsd? Message-ID: <3271662348.943869500@MDAXKE> X-Mailer: Mulberry (Win32) [2.0.0a6, s/n U-301276] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG (I've struck out now on freebsd-security and freebsd-net, now trying freebsd-hackers....) i've searched around deja and freebsd.org and come up wanting (email archives show rarely show resolutions...). what is the current status in stable and latest regarding defense against SYN flood, and how is it implemented? i found some discussion regarding the inadequacy of the "SYN cookie" defense added to linux -- i couldn't make out whether that fix has actually been withdrawn from linux or not. i also didn't find an explanation of exactly what was bad about it -- something about firewalls or NAT. see for example: http://x41.deja.com/getdoc.xp?AN=491586304&CONTEXT=942635225.1891434518&hitnum=26 and openbsd has apparently settled on a random dropping of old half-open connections. appreciate some clarification on this, as well as pointers to where answers to things like this might be found, for those of us who don't want to run grep through kernel sources. -mda To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message ---------- End Forwarded Message ---------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message