Date: Mon, 29 Nov 1999 09:58:20 -0800 From: "Mark D. Anderson" <mda@discerning.com> To: freebsd-hackers@freebsd.org Subject: SYN flood and freebsd? Message-ID: <3271662348.943869500@MDAXKE>
next in thread | raw e-mail | index | archive | help
(I've struck out now on freebsd-security and freebsd-net, now trying freebsd-hackers....) i've searched around deja and freebsd.org and come up wanting (email archives show rarely show resolutions...). what is the current status in stable and latest regarding defense against SYN flood, and how is it implemented? i found some discussion regarding the inadequacy of the "SYN cookie" defense added to linux -- i couldn't make out whether that fix has actually been withdrawn from linux or not. i also didn't find an explanation of exactly what was bad about it -- something about firewalls or NAT. see for example: http://x41.deja.com/getdoc.xp?AN=491586304&CONTEXT=942635225.1891434518&hitnum=26 and openbsd has apparently settled on a random dropping of old half-open connections. appreciate some clarification on this, as well as pointers to where answers to things like this might be found, for those of us who don't want to run grep through kernel sources. -mda To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message ---------- End Forwarded Message ---------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3271662348.943869500>