Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Dec 2000 12:06:45 -0700 (MST)
From:      "David G. Andersen" <dga@pobox.com>
To:        umesh@juniper.net (Umesh Krishnaswamy)
Cc:        freebsd-security@FreeBSD.ORG, umesh@juniper.net
Subject:   Re: Defeating SYN flood attacks
Message-ID:  <200012011906.MAA25650@faith.cs.utah.edu>
In-Reply-To: <3A27F625.4C87CC7C@juniper.net> from "Umesh Krishnaswamy" at Dec 01, 2000 11:04:05 AM
next in thread | previous in thread | raw e-mail | index | archive | help 
FreeBSD has been synflood resistant for several years.  To a first order,
you cannot effectively synflood a decently provisioned FreeBSD box and
deny service to it UNLESS your "synflood" is really just a bandwidth
consumption attack that eats up all of their bandwidth.

There was a problem that cropped up about a year ago where a *really high
volume* syn flood could cause some kernel problems, but that's fixed in
all of the recent 4.x versions.  Really high volume means 10Mbps+.

  -Dave

Lo and behold, Umesh Krishnaswamy once said:
> 
> Hi Folks,
> 
> I wanted to double-check which version of FreeBSD (if any) can address a
> SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and
> ip_input.c) do not seem to have any code to address such an attack. Maybe I am
> missing something.
> 
> So if you folks can enlighten me on whether or how to handle the SYN attack from
> within the kernel, I would appreciate it. I am aware of ingress filtering; while
> that can help attacks from randomized IP addresses, it will fail in the case of
> an attack from a spoofed trusted IP address. Hence the desire to look into the
> kernel for a fix.
> 
> Thanks.
> Umesh.
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012011906.MAA25650>