From owner-freebsd-security  Fri Dec  1 12:57: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7ACA337B404
	for <freebsd-security@FreeBSD.ORG>; Fri,  1 Dec 2000 12:56:58 -0800 (PST)
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21])
	by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id QAA93146;
	Fri, 1 Dec 2000 16:02:11 -0500 (EST)
	(envelope-from rjh@mohawk.net)
Date: Fri, 1 Dec 2000 16:02:11 -0500 (EST)
From: Ralph Huntington <rjh@mohawk.net>
To: Brett Glass <brett@lariat.org>
Cc: Umesh Krishnaswamy <umesh@juniper.net>,
	freebsd-security@FreeBSD.ORG, Umesh Krishnaswamy <umesh@juniper.net>
Subject: Re: Defeating SYN flood attacks
In-Reply-To: <4.3.2.7.2.20001201131729.04907bf0@localhost>
Message-ID: <Pine.BSF.4.21.0012011601470.92040-100000@mohegan.mohawk.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is very very clever. I don't see any holes in it (anyone else?).

On Fri, 1 Dec 2000, Brett Glass wrote:

> Steve Gibson just published a great article on SYN flood avoidance,
> complete with a mechanism that I think FreeBSD should adopt for it.
> See
> 
> http://grc.com/r&d/nomoredos.htm
> 
> --Brett
> 
> At 12:04 PM 12/1/2000, Umesh Krishnaswamy wrote:
>   
> >Hi Folks,
> >
> >I wanted to double-check which version of FreeBSD (if any) can address a
> >SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and
> >ip_input.c) do not seem to have any code to address such an attack. Maybe I am
> >missing something.
> >
> >So if you folks can enlighten me on whether or how to handle the SYN attack from
> >within the kernel, I would appreciate it. I am aware of ingress filtering; while
> >that can help attacks from randomized IP addresses, it will fail in the case of
> >an attack from a spoofed trusted IP address. Hence the desire to look into the
> >kernel for a fix.
> >
> >Thanks.
> >Umesh.
> >
> >
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message