Date: Fri, 01 Dec 2000 11:04:05 -0800 From: Umesh Krishnaswamy <umesh@juniper.net> To: freebsd-security@freebsd.org, umesh@juniper.net Subject: Defeating SYN flood attacks Message-ID: <3A27F625.4C87CC7C@juniper.net>
next in thread | raw e-mail | index | archive | help
Hi Folks, I wanted to double-check which version of FreeBSD (if any) can address a SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and ip_input.c) do not seem to have any code to address such an attack. Maybe I am missing something. So if you folks can enlighten me on whether or how to handle the SYN attack from within the kernel, I would appreciate it. I am aware of ingress filtering; while that can help attacks from randomized IP addresses, it will fail in the case of an attack from a spoofed trusted IP address. Hence the desire to look into the kernel for a fix. Thanks. Umesh. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A27F625.4C87CC7C>