Date: Mon, 23 Sep 1996 10:10:44 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: imp@village.org (Warner Losh)
Cc: tweten@frihet.com, newton@communica.com.au, spfarrel@midway.uchicago.edu, security@FreeBSD.org
Subject: Re: comments on the SYN attack
Message-ID: <199609230011.RAA14774@freefall.freebsd.org>
In-Reply-To: <199609212143.PAA02996@rover.village.org> from "Warner Losh" at Sep 21, 96 03:43:35 pm

In some mail from Warner Losh, sie said:
[...]
> I think that if you get the point of discarding stuff, then you are in
> trouble anyway.  It would be nice to not discard it too soon.  Also,
> if the rates are such that you know you can handle it, then I think
> the deterministic would be better.  If they are absolutely hammering
> the snot out of you, then the random one would be better because the
> service is so crappy anyway that a little flakiness is better than no
> possibility of a connection.
>
> Bottom line: You don't want to drop these things if you can help
> it...

so, you're saying something like "if I already have an established
connection to this source host, try not to drop the half-open state" ?

I say "try" because someone might flood you with fake SYN packets which
are from an IP# that won't receive the ACK because of firewalling,
although you already have an established connection from that host.

Darren
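
The drop policy discussed in this message, as an added example (not code from the thread or from FreeBSD): a victim picker for a full backlog of half-open connections that tries to spare entries whose claimed source already has an established connection, choosing deterministically (oldest) or randomly among the rest. All names, the `rnd` parameter and the sample addresses are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not FreeBSD's code. */
struct half_open { uint32_t src; uint32_t age; }; /* claimed source, ticks waiting */
enum policy { DROP_OLDEST, DROP_RANDOM };         /* deterministic vs random drop */

/* Constructed sample: 192.168.0.5 has an established connection; slots 1 and 3
   claim that address, slots 0 and 2 come from hosts with no connection. */
static const uint32_t est[] = { 0xc0a80005 };
static const struct half_open backlog[] = {
    { 0x0a000001, 50 }, { 0xc0a80005, 90 }, { 0x0a000002, 10 }, { 0xc0a80005, 70 } };

/* Does src appear in the table of hosts with an established connection? */
static int known(const uint32_t *e, size_t ne, uint32_t src)
{
    for (size_t i = 0; i < ne; i++)
        if (e[i] == src) return 1;
    return 0;
}

/* Choose the slot to evict from a full backlog of n entries. Pass 0 spares
   sources with an established connection; pass 1 considers every entry, so
   the protection is "try", not a guarantee. Returns n if the backlog is empty. */
size_t pick_victim(const struct half_open *q, size_t n, const uint32_t *e,
                   size_t ne, enum policy p, uint32_t rnd)
{
    for (int pass = 0; pass < 2; pass++) {
        size_t count = 0, oldest = n;
        for (size_t i = 0; i < n; i++) {
            if (pass == 0 && known(e, ne, q[i].src)) continue;
            if (oldest == n || q[i].age > q[oldest].age) oldest = i;
            count++;
        }
        if (count == 0) continue;            /* nothing eligible in this pass */
        if (p == DROP_OLDEST) return oldest;
        size_t k = rnd % count;              /* evict the k-th eligible entry */
        for (size_t i = 0; i < n; i++) {
            if (pass == 0 && known(e, ne, q[i].src)) continue;
            if (k-- == 0) return i;
        }
    }
    return n;
}

int main(void)
{
    printf("oldest drop: protected slot %zu, unprotected slot %zu\n",
           pick_victim(backlog, 4, est, 1, DROP_OLDEST, 0),
           pick_victim(backlog, 4, NULL, 0, DROP_OLDEST, 0));
    return 0;
}
```

When every queued entry claims an address with an established connection, as in a flood spoofed from such a host, the second pass still evicts one of them.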