Date:      Fri, 01 Dec 2000 12:09:36 -0800
From:      Umesh Krishnaswamy <umesh@juniper.net>
To:        "David G. Andersen" <dga@pobox.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Defeating SYN flood attacks
Message-ID:  <3A280580.D63A0F70@juniper.net>
References:  <200012011906.MAA25650@faith.cs.utah.edu>

"David G. Andersen" wrote:

> FreeBSD has been synflood resistant for several years.  To a first order,
> you cannot effectively synflood a decently provisioned FreeBSD box and
> deny service to it UNLESS your "synflood" is really just a bandwidth
> consumption attack that eats up all of their bandwidth.
>
> There was a problem that cropped up about a year ago where a *really high
> volume* syn flood could cause some kernel problems, but that's fixed in
> all of the recent 4.x versions.  Really high volume means 10Mbps+.
>

Cool. That is good to hear. I just verified that the synflood attack does not bring
down a 3.3.4 machine. If anybody knows off the top of their head, the kernel source
files which have the fixes, it would help.

Thx.
Umesh.

>
>   -Dave
>
> Lo and behold, Umesh Krishnaswamy once said:
> >
> > Hi Folks,
> >
> > I wanted to double-check which version of FreeBSD (if any) can address a
> > SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and
> > ip_input.c) do not seem to have any code to address such an attack. Maybe I am
> > missing something.
> >
> > So if you folks can enlighten me on whether or how to handle the SYN attack from
> > within the kernel, I would appreciate it. I am aware of ingress filtering; while
> > that can help attacks from randomized IP addresses, it will fail in the case of
> > an attack from a spoofed trusted IP address. Hence the desire to look into the
> > kernel for a fix.
> >
> > Thanks.
> > Umesh.
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
> --
> work: dga@lcs.mit.edu                          me:  dga@pobox.com
>       MIT Laboratory for Computer Science           http://www.angio.net/


