From owner-freebsd-security Fri Dec 1 12:22:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 43A0937B402 for ; Fri, 1 Dec 2000 12:22:40 -0800 (PST) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id NAA25759; Fri, 1 Dec 2000 13:22:33 -0700 (MST) Message-Id: <4.3.2.7.2.20001201131729.04907bf0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 01 Dec 2000 13:22:22 -0700 To: Umesh Krishnaswamy , freebsd-security@FreeBSD.ORG, umesh@juniper.net From: Brett Glass Subject: Re: Defeating SYN flood attacks In-Reply-To: <3A27F625.4C87CC7C@juniper.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Steve Gibson just published a great article on SYN flood avoidance, complete with a mechanism that I think FreeBSD should adopt for it. See http://grc.com/r&d/nomoredos.htm --Brett At 12:04 PM 12/1/2000, Umesh Krishnaswamy wrote: >Hi Folks, > >I wanted to double-check which version of FreeBSD (if any) can address a >SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and >ip_input.c) do not seem to have any code to address such an attack. Maybe I am >missing something. > >So if you folks can enlighten me on whether or how to handle the SYN attack from >within the kernel, I would appreciate it. I am aware of ingress filtering; while >that can help attacks from randomized IP addresses, it will fail in the case of >an attack from a spoofed trusted IP address. Hence the desire to look into the >kernel for a fix. > >Thanks. >Umesh. > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message