Date: Sun, 14 Nov 1999 14:36:44 +0300 From: Vladimir Dubrovin <vlad@sandy.ru> To: "Mark D. Anderson" <mda@discerning.com>, freebsd-security@FreeBSD.ORG Subject: Re: SYN flood and freebsd? Message-ID: <7608.991114@sandy.ru> In-Reply-To: <1923120592.942520958@MDAXKE> References: <1923120592.942520958@MDAXKE>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Mark D. Anderson, 14.11.99 6:22, you wrote: SYN flood and freebsd?; M> i've searched around deja and freebsd.org and come up wanting M> (email archives show rarely show resolutions...). M> what is the current status in stable and latest regarding M> defense against SYN flood, and how is it implemented? I'm interested in this question too. I don't know how it's released inside. From "outside" FreeBSD reaction to Syn flood looks like FreeBSD has limitation (be default) to allow only 100 SYNs to come in ~2 seconds: 1. First 100 SYNs are accepted and replied. 2. If this SYNs came in short time FreeBSD 3.x pauses for approx. 2-3 seconds before answer next 100 SYNs. It seems that SYNs which comes during the pause are queued and are dropped then max queue length is exceeded. I didn't tested the situation then all SYNs come from different IPs and didn't tested for queue length. Am I right? Can someone explain how does it works exactly? And how can I configure this behavior? +=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| | Sandy Info, ISP | +=-=-=-=-=-=-=-=-=+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7608.991114>