Date: Wed, 25 Sep 1996 09:30:19 -0500 (CDT) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: msmith@atrad.adelaide.edu.au (Michael Smith) Cc: hackers@freebsd.org Subject: Re: Random drop solves SYN flooding problems Message-ID: <199609251430.JAA08005@brasil.moneng.mei.com> In-Reply-To: <199609250716.QAA08059@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Sep 25, 96 04:46:23 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Michael Dillon stands accused of saying: > > first attempt. For example, at 1200 bogus SYNs/sec and the IRIX 6.3 > > telnet listen queue of 383, there should be no trouble with peers > > with RTT up to about 300 milliseconds. I've tested with a telnet > > client 250 milliseconds away while simultaneously bombing the machine > > from nearby with ~1200 SYNs/sec, and see no telnet TCP retransmissions. > > Yeah, great if you and all your clients are in the continental USA and have > unloaded high-speed links to you. 250ms is about the rtt of a 14k link > using 'average' modems. Stuff the rest of the world of course. 8( Better to be only mildly crippled (the way I understand it, your _chances_ are still pretty good with a low speed link, but I have not hacked this type of change into FreeBSD and tried it yet).. ... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609251430.JAA08005>