Date: Thu, 19 Sep 1996 22:38:26 -0500
From: Joe Greco <jgreco@brasil.moneng.mei.com>
To: hackers@freebsd.org
Subject: Re: Panix, TCP, and RED
Message-ID: <199609200338.WAA11828@brasil.moneng.mei.com>
In-Reply-To: <vxjohj6qzha.fsf@virtual1.eecs.harvard.edu>

Are any networking folks looking into doing something like this for
FreeBSD?

In comp.protocols.tcp-ip article <vxjohj6qzha.fsf@virtual1.eecs.harvard.edu>,
Robert Morris wrote:
:Queues managed by random drop provide reasonably fair service without
:knowing the identities of the senders.
:
:The idea is to drop a randomly selected listen queue entry upon
:overflow, rather than the most recently arrived SYN. This penalizes
:senders in proportion to the number of SYNs they have queued. If I
:send just one SYN, chances are that it will be accepted even if the
:queue is full, at somebody else's expense. If the evil hacker has many
:SYNs queued, chances are it will be at his expense. Nothing here
:depends on the evil hacker using the same IP source address for all
:his SYNs.
:
:Can the evil hacker still win by sending SYNs faster? Suppose that the
:listen queue is 100 entries long, that TCP keeps half-open connections
:for 75 seconds, and that the server CPU is not overloaded. With the
:current TCP implementation, the evil hacker need only send a few SYNs
:per second to deny service to the good guys. With random drop, a good
:guy's SYN will be placed in the listen queue, and his connection will
:be accept()ed if he gets an ACK back before the evil hacker dislodges
:him. Imagine that his ACK arrives 100 milliseconds later, so the evil
:hacker must dislodge the SYN in just 100ms. If the evil hacker sends
:500 SYNs per second, he has less than a 50% chance of dislodging the
:good guy's SYN. Perhaps 500/second is fast enough that he'd easily be
:caught.
:
:Consider reading Mankin and Ramakrishnan's RFC 1254, whence these
:ideas came.
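
The arithmetic in the quoted article can be checked with a small model. This is an added example, not part of the original message and not FreeBSD code; the function names and the simplified queue model (queue already full of flood entries, no timeouts expiring inside the 100 ms window, each arriving SYN evicting one uniformly random entry) are assumptions made for illustration.

```python
import random

def min_rate_to_fill(queue_len, hold_seconds):
    """SYNs/second needed to keep a drop-newest listen queue permanently full."""
    return queue_len / hold_seconds

def survival_random_drop(queue_len, attack_rate, ack_delay):
    """P(a queued SYN is still present when its ACK arrives) under random drop.

    Each flood SYN arriving during ack_delay evicts one of queue_len entries
    uniformly at random, so the legitimate entry survives each with 1 - 1/N.
    """
    flood_syns = round(attack_rate * ack_delay)
    return (1 - 1 / queue_len) ** flood_syns

def simulate(policy, queue_len=100, attack_rate=500, ack_delay=0.1,
             trials=20000, seed=1):
    """Fraction of legitimate handshakes that complete against a full queue."""
    rng = random.Random(seed)
    flood_syns = round(attack_rate * ack_delay)
    completed = 0
    for _ in range(trials):
        queue = ["flood"] * queue_len            # constructed starting state
        if policy == "drop-newest":
            continue                             # overflow discards the arriving SYN
        queue[rng.randrange(queue_len)] = "legit"    # random drop makes room
        for _ in range(flood_syns):                  # flood during the ACK delay
            queue[rng.randrange(queue_len)] = "flood"
        completed += "legit" in queue
    return completed / trials

if __name__ == "__main__":
    # Figures from the quoted article: 100 entries, 75 s hold, 500 SYN/s, 100 ms.
    print("rate to fill drop-newest queue: %.2f SYN/s" % min_rate_to_fill(100, 75))
    p = survival_random_drop(100, 500, 0.1)
    print("random drop, closed form: survive %.3f, dislodged %.3f" % (p, 1 - p))
    for policy in ("drop-newest", "random-drop"):
        print("%-12s simulated completion rate: %.3f" % (policy, simulate(policy)))
```

With the article's figures, 50 flood SYNs arrive during the 100 ms wait, so the legitimate entry survives with probability 0.99^50, about 0.605; the chance of being dislodged is about 0.395, consistent with "less than a 50% chance".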