Date: Wed, 19 Jan 2000 10:28:57 -0700
From: Brett Glass <brett@lariat.org>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Wes Peters <wes@softweyr.com>, patl@phoenix.volant.org, David Wolfskill <dhw@whistle.com>, matt@ARPA.MAIL.NET, freebsd-security@FreeBSD.ORG
Subject: Re: TCP/IP
Message-ID: <4.2.2.20000119102658.01a6c250@localhost>
In-Reply-To: <200001190656.WAA33816@apollo.backplane.com>
References: <ML-3.4.948228615.4905.patl@asimov.phoenix.volant.org> <388557FB.443E66B0@softweyr.com> <4.2.2.20000118234610.01dd9b60@localhost>

At 11:56 PM 1/18/2000, Matthew Dillon wrote:

>:True. But one can minimize the damage. The best way to do this seems to be
>:via a pseudorandom sequence number on the SYN-ACK, which eliminates the need
>:for the server to retain any state after the SYN.
>:
>:--Brett
>
>    Assuming you have bandwidth left to play with.

SYNs and SYN-ACKs are short. Usually, the problem when you're SYN-flooded
is resource starvation.

FreeBSD apparently drops connections that are partially set up at random
when it is SYN flooded. This protects the system from total devastation,
but it can make your system or site appear to be unreliable! If you're an
e-commerce site, for example, you can lose customers.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000119102658.01a6c250>
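
Added example, not part of the original message and not FreeBSD's code: a sketch of the stateless SYN-ACK sequence number discussed above, in which the server derives its initial sequence number from a keyed hash of the connection and allocates nothing until the final ACK verifies. The bit layout, tick length, MSS table and key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # constructed; a real stack uses a random, rotated key
TICK = 64                         # seconds per time slot (assumption)
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1452, 1460)  # assumed 3-bit table
MASK32 = 0xFFFFFFFF


def _mac(conn, client_isn, tick, mss_idx):
    """24-bit keyed hash binding the cookie to one 4-tuple, client ISN and slot."""
    src, sport, dst, dport = conn
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIBB", sport, dport, client_isn, tick, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_isn(conn, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK: 5 bits time slot | 3 bits MSS index | 24 bits MAC.
    Nothing is stored; everything needed later comes back in the client's ACK."""
    tick = (int(now) // TICK) & 0x1F
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac(conn, client_isn, tick, mss_idx), "big")
    return (tick << 27) | (mss_idx << 24) | mac


def check_ack(conn, seq, ack, now, max_age=2):
    """Validate the handshake-completing ACK. Returns the negotiated MSS if the
    cookie is fresh and authentic, else None (segment dropped, no state created)."""
    cookie = (ack - 1) & MASK32      # client acknowledges server ISN + 1
    client_isn = (seq - 1) & MASK32  # client's own ISN + 1 is its current seq
    tick, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    age = ((int(now) // TICK) - tick) & 0x1F
    if age >= max_age:               # stale cookie: limits replay of old ACKs
        return None
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    if not hmac.compare_digest(_mac(conn, client_isn, tick, mss_idx), got):
        return None                  # forged, or for a different connection
    return MSS_TABLE[mss_idx]
```

This removes the half-open connection queue as the exhausted resource; as the quoted reply points out, it does nothing for a link whose bandwidth is already saturated.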