From owner-freebsd-net@FreeBSD.ORG  Tue Nov  8 21:57:00 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1D22716A41F
	for <net@freebsd.org>; Tue,  8 Nov 2005 21:57:00 +0000 (GMT)
	(envelope-from lars.eggert@netlab.nec.de)
Received: from kyoto.netlab.nec.de (kyoto.netlab.nec.de [195.37.70.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 79FF143D48
	for <net@freebsd.org>; Tue,  8 Nov 2005 21:56:59 +0000 (GMT)
	(envelope-from lars.eggert@netlab.nec.de)
Received: from lars.ietf64.ietf.org (pp107-126.bctel.ca [209.52.107.126])
	by kyoto.netlab.nec.de (Postfix) with ESMTP id CBB871BAC4D;
	Tue,  8 Nov 2005 22:56:55 +0100 (CET)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by lars.ietf64.ietf.org (Postfix) with ESMTP id 3234C414569;
	Tue,  8 Nov 2005 13:56:46 -0800 (PST)
In-Reply-To: <20051108204603.GA2121@stack.nl>
References: <E019841F-389F-4B15-942E-F30F6745ECBF@netlab.nec.de>
	<20051108204603.GA2121@stack.nl>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-1-708463057;
	protocol="application/pkcs7-signature"
Message-Id: <280E31B0-BA54-404A-8CD4-2EF64F767B9A@netlab.nec.de>
From: Lars Eggert <lars.eggert@netlab.nec.de>
Date: Tue, 8 Nov 2005 13:56:41 -0800
To: Marc Olzheim <marcolz@stack.nl>
X-Mailer: Apple Mail (2.746.2)
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: net@freebsd.org
Subject: Re: TCP RST handling in 6.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Nov 2005 21:57:00 -0000


--Apple-Mail-1-708463057
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

On Nov 8, 2005, at 12:46, Marc Olzheim wrote:
> Being on the wrong end of a distributed tcp syn flood attack atm.  
> on the
> machine I'm mailing from, is probably enough to convince me of its  
> use.

The change we are discussing is not protecting you from SYN floods,  
it is supposed to protect you from spoofed RSTs.

Lars
--
Lars Eggert                                     NEC Network Laboratories


--Apple-Mail-1-708463057--