Date: Fri, 01 Dec 2000 12:13:55 -0800
From: Umesh Krishnaswamy <umesh@juniper.net>
To: Jason DiCioccio <Jason.DiCioccio@Epylon.com>
Cc: "David G. Andersen" <dga@pobox.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Defeating SYN flood attacks
Message-ID: <3A280683.A10605A4@juniper.net>
References: <657B20E93E93D4118F9700D0B73CE3EA0242D4@goofy.epylon.lan>

Jason DiCioccio wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> 3.3.4? is that 3.3 or 3.4?
>
> - -JD-
>

Sorry, It was a 3.4 RELEASE.
Umesh.

>
> - -------
> Jason DiCioccio
> Evil Genius
> Unix BOFH
>
> mailto:jasond@epylon.com
>
> 415-593-2761 Direct & Fax
> 415-593-2900 Main
>
> Epylon Corporation
> 645 Harrison Street, Suite 200
> San Francisco, CA 94107
> www.epylon.com
>
> BSD is for people who love Unix -
> Linux is for people who hate Microsoft
>
> - -----Original Message-----
> From: Umesh Krishnaswamy [mailto:umesh@juniper.net]
> Sent: Friday, December 01, 2000 12:10 PM
> To: David G. Andersen
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: Defeating SYN flood attacks
>
> "David G. Andersen" wrote:
>
> > FreeBSD has been synflood resistant for several years. To a first
> > order, you cannot effectively synflood a decently provisioned
> > FreeBSD box and deny service to it UNLESS your "synflood" is really
> > just a bandwidth consumption attack that eats up all of their
> > bandwidth.
> >
> > There was a problem that cropped up about a year ago where a
> > *really high volume* syn flood could cause some kernel problems,
> > but that's fixed in all of the recent 4.x versions. Really high
> > volume means 10Mbps+.
> >
>
> Cool. That is good to hear. I just verified that the synflood attack
> does not bring down a 3.3.4 machine. If anybody knows off the top of
> their head, the kernel source files which have the fixes, it would
> help.
>
> Thx.
> Umesh.
>
> >
> > -Dave
> >
> > Lo and behold, Umesh Krishnaswamy once said:
> > >
> > > Hi Folks,
> > >
> > > I wanted to double-check which version of FreeBSD (if any) can
> > > address a SYN flooding DoS attack. The latest FreeBSD sources
> > > (tcp_input.c and ip_input.c) do not seem to have any code to
> > > address such an attack. Maybe I am missing something.
> > >
> > > So if you folks can enlighten me on whether or how to handle the
> > > SYN attack from within the kernel, I would appreciate it. I am
> > > aware of ingress filtering; while that can help attacks from
> > > randomized IP addresses, it will fail in the case of an attack
> > > from a spoofed trusted IP address. Hence the desire to look into
> > > the kernel for a fix.
> > >
> > > Thanks.
> > > Umesh.
> > >
> > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > >
> >
> > --
> > work: dga@lcs.mit.edu          me: dga@pobox.com
> > MIT Laboratory for Computer Science
> > http://www.angio.net/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOigF/FCmU62pemyaEQIS9QCg5BhTO6+ItPtZ9n94WFEoQ6C53UsAn06S
> atYxY0C/YVeZIbveb4by76/I
> =GQZm
> -----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message