Date: Fri, 1 Dec 2000 16:02:11 -0500 (EST) From: Ralph Huntington <rjh@mohawk.net> To: Brett Glass <brett@lariat.org> Cc: Umesh Krishnaswamy <umesh@juniper.net>, freebsd-security@FreeBSD.ORG, Umesh Krishnaswamy <umesh@juniper.net> Subject: Re: Defeating SYN flood attacks Message-ID: <Pine.BSF.4.21.0012011601470.92040-100000@mohegan.mohawk.net> In-Reply-To: <4.3.2.7.2.20001201131729.04907bf0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
This is very very clever. I don't see any holes in it (anyone else?). On Fri, 1 Dec 2000, Brett Glass wrote: > Steve Gibson just published a great article on SYN flood avoidance, > complete with a mechanism that I think FreeBSD should adopt for it. > See > > http://grc.com/r&d/nomoredos.htm > > --Brett > > At 12:04 PM 12/1/2000, Umesh Krishnaswamy wrote: > > >Hi Folks, > > > >I wanted to double-check which version of FreeBSD (if any) can address a > >SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and > >ip_input.c) do not seem to have any code to address such an attack. Maybe I am > >missing something. > > > >So if you folks can enlighten me on whether or how to handle the SYN attack from > >within the kernel, I would appreciate it. I am aware of ingress filtering; while > >that can help attacks from randomized IP addresses, it will fail in the case of > >an attack from a spoofed trusted IP address. Hence the desire to look into the > >kernel for a fix. > > > >Thanks. > >Umesh. > > > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012011601470.92040-100000>