Date: Sat, 11 Jan 2003 19:14:30 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Josh Brooks <user@mail.econolodgetulsa.com>
Cc: Richard A Steenbergen <ras@e-gerbil.net>, "" <freebsd-net@FreeBSD.ORG>
Subject: Re: What is my next step as a script kiddie ? (DDoS)
Message-ID: <20030111191108.L19841-100000@patrocles.silby.com>
In-Reply-To: <20030111150725.E78856-100000@mail.econolodgetulsa.com>
References: <20030111150725.E78856-100000@mail.econolodgetulsa.com>

On Sat, 11 Jan 2003, Josh Brooks wrote:

> Thanks for your help - two last questions regarding this:
>
> 1. On a FreeBSD router/firewall, does it take more processing power to
> respond to (and reset) a SYN to a target IP:port that is nonexistent than
> it does to respond to a target IP:port that is in heavy use ?
>
> that is, is there some caching mechanism in use that makes incoming DoS
> packets to _already busy_ IP:ports "cost less" in terms of processor than
> SYN packets to IP:ports that don't exist ? Just curious.

Handling random packets to unused ports is far easier for the computer to
handle. By default the first 200 or so are responded to, and the rest are
just ignored.

On the other hand, a SYN flood targeting an active port is another story.
The host must assume that all incoming packets are legitimate, and can't
just throw some away.

You're going to need to do more reading. Serious attackers are already 5
miles ahead of you. No, I'm not going to say how, I don't want to give
the script kiddies ideas about FreeBSD's weaknesses. :)

Mike "Silby" Silbersack
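
As an added illustration (not part of the original message, and not FreeBSD's actual code), the closed-port behaviour described above can be modelled as a per-second response budget: replies go out until the budget is spent, and the remaining packets are dropped without a reply. The limit of 200 is taken from the message; the one-second window, the struct and function names, and the traffic rates are assumptions of this sketch.

```c
#include <stdio.h>

/* Response budget for packets aimed at closed ports.
 * 200 comes from the message ("the first 200 or so"); the one-second
 * window is an assumption of this sketch. On FreeBSD the corresponding
 * tunable is the net.inet.icmp.icmplim sysctl. */
#define RESP_LIMIT 200

struct resp_limiter {
    long window_start;   /* second in which the current window began */
    int  sent;           /* responses already sent in this window */
    long suppressed;     /* packets ignored without a reply, in total */
};

/* Returns 1 if a response (RST or ICMP unreachable) may be sent for a
 * packet arriving at now_sec, 0 if the packet is dropped silently. */
int resp_allowed(struct resp_limiter *l, long now_sec)
{
    if (now_sec != l->window_start) {   /* new second: refill budget */
        l->window_start = now_sec;
        l->sent = 0;
    }
    if (l->sent < RESP_LIMIT) {
        l->sent++;
        return 1;
    }
    l->suppressed++;
    return 0;
}

/* Feed pps closed-port packets per second for the given number of
 * seconds (constructed traffic) and return the responses generated. */
long simulate_flood(struct resp_limiter *l, int pps, int seconds)
{
    long answered = 0;
    for (long s = 0; s < seconds; s++)
        for (int i = 0; i < pps; i++)
            answered += resp_allowed(l, s);
    return answered;
}

int main(void)
{
    struct resp_limiter l = { -1, 0, 0 };   /* -1: no window opened yet */
    long answered = simulate_flood(&l, 50000, 3);
    printf("answered=%ld suppressed=%ld\n", answered, l.suppressed);
    return 0;
}
```

The response work stays constant however high the packet rate goes, which is why traffic to unused ports is the cheap case; the message gives no comparable shortcut for SYNs aimed at a port that is actually listening.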