From: Umesh Krishnaswamy
Organization: Juniper Networks
Date: Fri, 01 Dec 2000 11:04:05 -0800
To: freebsd-security@freebsd.org, umesh@juniper.net
Subject: Defeating SYN flood attacks
Message-ID: <3A27F625.4C87CC7C@juniper.net>

Hi Folks,

I wanted to double-check which version of FreeBSD (if any) can address a SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and ip_input.c) do not seem to have any code to address such an attack. Maybe I am missing something. So if you folks can enlighten me on whether or how to handle the SYN attack from within the kernel, I would appreciate it.

I am aware of ingress filtering; while that can help attacks from randomized IP addresses, it will fail in the case of an attack from a spoofed trusted IP address. Hence the desire to look into the kernel for a fix.

Thanks.
Umesh.