Date: Fri, 13 Sep 1996 04:39:14 -0700 (PDT) From: Robert Hanson <roberth@cet.com> To: Andrew Stesin <stesin@gu.net> Cc: firewalls@GreatCircle.COM, freebsd-hackers@freebsd.org Subject: Re: SYN floods - possible solution? (fwd) Message-ID: <Pine.LNX.3.94.960913043223.30937J-100000@cet.cet.com> In-Reply-To: <Pine.BSI.3.95.960913113044.13351A-100000@creator.gu.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 13 Sep 1996, Andrew Stesin wrote: > > > #else /* SYN/flood attack -- queue timeout expired */ > > 2'. ??? (who cares?) Drops bad SYN away Still knows > nothing snip > > I've heard of 1,000 per sec which implies that > > this box needs to hold open 30,000 to 75,000 potential sockets. Is there > > any problem within IPv4 (seq #'s?) that would make this inherently > > impossible? > > 200MHz P5, 2 PCI NICs, 256+ Mb RAM, > fast SCSI disk subsystem, + intelligent OS with > intelligent packet filter. That's a today's firewall > of choice for many people, anyway. > > What do you people think? This should (might?) work... > > Andrew Stesin im thinking dec alpha with 64 bit OS... is there 64 bit FreeBSD coming? Evidently Linus is working on Linux/Alpha... IMHO pentiums are consumer class product (read affordable for most).... my observations are that other than "basic" affordability pentium stuff isnt really scalable... every new chip only affords "price" hosabilty cycle all over again for the mfgs.... what makes pentiums fly is good BSD and Linux hackers... go with the idea if it is fairly easily implementable though... good luck nuff said... ---> Robert H. Hanson LAN/WAN Consultant - Internet Service Provider Otis Orchards, Wa. Cutting Edge Communications www.cet.com (509) 927-9541 finger: info@cet.com or email: roberth@cet.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.94.960913043223.30937J-100000>