Date: Wed, 19 Dec 2001 08:44:02 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Jonathan Lemon <jlemon@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c Message-ID: <Pine.NEB.3.96L.1011219084343.55373B-100000@fledge.watson.org> In-Reply-To: <200112190612.fBJ6CE264053@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Further cheers expand onto the scene. :-) Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Tue, 18 Dec 2001, Jonathan Lemon wrote: > jlemon 2001/12/18 22:12:14 PST > > Modified files: > sys/netinet tcp_syncache.c > Log: > Extend the SYN DoS defense by adding syncookies to the syncache. > All TCP ISNs that are sent out are valid cookies, which allows entries > in the syncache to be dropped and still have the ACK accepted later. > As all entries pass through the syncache, there is no sudden switchover > from cache -> cookies when the cache is full; instead, syncache entries > simply have a reduced lifetime. More details may be found in the > "Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002 > conference proceedings. > > Sponsored by: DARPA, NAI Labs > > Revision Changes Path > 1.6 +193 -14 src/sys/netinet/tcp_syncache.c > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011219084343.55373B-100000>