From owner-freebsd-security Sun Nov 14 3:41:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adm.sci-nnov.ru (adm.sci-nnov.ru [195.122.226.2]) by hub.freebsd.org (Postfix) with ESMTP id E88FF15033 for ; Sun, 14 Nov 1999 03:41:27 -0800 (PST) (envelope-from vlad@sandy.ru)
Received: from anonymous.sandy.ru (anonymous.sandy.ru [195.122.226.12]) by adm.sci-nnov.ru (8.9.3/Dmiter-4.1) with ESMTP id OAA80899; Sun, 14 Nov 1999 14:36:41 +0300 (MSK)
Date: Sun, 14 Nov 1999 14:36:44 +0300
From: Vladimir Dubrovin
X-Mailer: The Bat! (v1.34) S/N D33CD428
Reply-To: Vladimir Dubrovin
Organization: Sandy Info
X-Priority: 3 (Normal)
Message-ID: <7608.991114@sandy.ru>
To: "Mark D. Anderson" , freebsd-security@FreeBSD.ORG
Subject: Re: SYN flood and freebsd?
In-reply-To: <1923120592.942520958@MDAXKE>
References: <1923120592.942520958@MDAXKE>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Mark D. Anderson,

14.11.99 6:22, you wrote: SYN flood and freebsd?;

M> i've searched around deja and freebsd.org and come up wanting
M> (email archives rarely show resolutions...).

M> what is the current status in stable and latest regarding
M> defense against SYN flood, and how is it implemented?

I'm interested in this question too. I don't know how it's implemented
inside. From the "outside", FreeBSD's reaction to a SYN flood looks like
FreeBSD has a limitation (by default) to allow only 100 SYNs to come in
~2 seconds:

1. The first 100 SYNs are accepted and replied to.
2. If these SYNs came in a short time, FreeBSD 3.x pauses for approx. 2-3
   seconds before answering the next 100 SYNs. It seems that SYNs which
   come during the pause are queued and are dropped when the max queue
   length is exceeded.

I didn't test the situation when all SYNs come from different IPs and
didn't test for queue length.

Am I right? Can someone explain how it works exactly?
And how can I configure this behavior?

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+