Re: SYN flood and freebsd?

Vladimir Dubrovin (vladsandy.ru)
Sun, 14 Nov 1999 14:36:44 +0300

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: H. Eckert: "Re: Status of Passwords/etc in FreeBSD-stable"
• Previous message: Mike Tancsa: "Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"

Hello Mark D. Anderson,

14.11.99 6:22, you wrote: SYN flood and freebsd?;

M> i've searched around deja and freebsd.org and come up wanting
M> (email archives show rarely show resolutions...).

M> what is the current status in stable and latest regarding
M> defense against SYN flood, and how is it implemented?

I'm interested in this question too.

I don't know how it's released inside. From "outside" FreeBSD reaction
to Syn flood looks like FreeBSD has limitation (be default) to allow
only 100 SYNs to come in ~2 seconds:

1. First 100 SYNs are accepted and replied.
2. If this SYNs came in short time FreeBSD 3.x pauses for approx. 2-3
seconds before answer next 100 SYNs.

It seems that SYNs which comes during the pause are queued and are
dropped then max queue length is exceeded.

I didn't tested the situation then all SYNs come from different IPs
and didn't tested for queue length.

Am I right?
Can someone explain how does it works exactly? And how can I configure
this behavior?

  +=-=-=-=-=-=-=-=-=+
  |Vladimir Dubrovin|
  | Sandy Info, ISP |
  +=-=-=-=-=-=-=-=-=+

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: H. Eckert: "Re: Status of Passwords/etc in FreeBSD-stable"
• Previous message: Mike Tancsa: "Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"

This archive was generated by hypermail 2.0b3 on Sun Nov 14 1999 - 05:41:11 CST