From owner-freebsd-hackers Thu Sep 12 16:20:24 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA11419 for hackers-outgoing; Thu, 12 Sep 1996 16:20:24 -0700 (PDT)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA11411 for ; Thu, 12 Sep 1996 16:20:19 -0700 (PDT)
Message-Id: <199609122320.QAA11411@freefall.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA035840320; Fri, 13 Sep 1996 09:18:40 +1000
From: Darren Reed
Subject: Re: SYN Resisting (fwd)
To: terry@lambert.org (Terry Lambert)
Date: Fri, 13 Sep 1996 09:18:40 +1000 (EST)
Cc: fenner@parc.xerox.com, karl@mcs.net, terry@lambert.org, avalon@coombs.anu.edu.au, freebsd-hackers@FreeBSD.org, koshy@india.hp.com
In-Reply-To: <199609122202.PAA07685@phaeton.artisoft.com> from "Terry Lambert" at Sep 12, 96 03:02:21 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Terry Lambert, sie said:
>
> Other than that, I was a little peeved at blaming the US with the blanket
> statement that the loss was on the US end of things. Ignoring perfectly
> valid source quench requests (from *non*-ICMP ATM routers) is only one
> of the possibilities that could be considered before calling everyone
> managing NSP in the US incompetent.

I think that some people are unaware of congestion at/in points such as their West Coast (i.e. LA/Bay Area) where multiple, full pipes start for international destinations. On the other hand, our local telco is probably no better than Sprint/MCI. I suspect that most NSPs in the USA don't provide international access.

The point being, when your network is all peachy from end to end, having low timeouts is (maybe) acceptable, but when your endpoints are in diverse locations and throughput is not 100%, who is really winning?

If the attacker is trying to cause denial of service, then it may be achieved by the other end when they make it harder for real users to connect quickly enough. To my thinking, this is a silly solution (but a reasonable patch for the sysctl :) to the SYN problem. The problem must and can only be fixed with correct filtering by all ISPs so long as we use the current IP.

Darren