Subject: SYN attack idea.
To: None <current-users@NetBSD.ORG>
From: Dave Burgess <burgess@cynjut.neonramp.com>
List: current-users
Date: 09/27/1996 18:59:02

I haven't even looked at the code yet; I wanted to see if anyone was
thinking about doing something like this:

BSDi implements a couple of (pertinent) sysctl's that we don't:

net.inet.tcp.conntimeo (which is the connection timeout variable)
net.socket.maxconn (which is the maximum number of connections)

Since we have the source, changing the values in the netinet files so
the timeout is reduced (to 25 from 75) and the maximum connection count
is raised (from 8 or 16 to 255) is very simple.

What would it take to add these variables to the sysctl table?  I might
try tonight, just to see what I can do.

-- 
Dave Burgess  (The man of a thousand E-Mail addresses)
*bsd FAQ Maintainer / SysAdmin for the NetBSD system in my spare bedroom
"Just because something is stupid doesn't mean there isn't someone that 
doesn't want to do it...."
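
The effect of the two values discussed in the message above can be seen in a small model of the half-open connection queue. This is an added example, not code from the post or from NetBSD; it assumes the "maximum connection count" acts as the listen-queue limit, and the function name `legit_dropped` and the load figures are constructed for illustration.

```c
#include <stdio.h>

#define MAX_BACKLOG 1024

/* Simplified model (an assumption, not NetBSD code): a listen queue holds
 * up to `backlog` half-open connections, each freed `timeout` seconds after
 * arrival. Every second `bogus_per_sec` SYNs arrive that never complete,
 * then one legitimate SYN arrives and needs a free slot to be accepted.
 * Returns how many legitimate SYNs were dropped over `duration` seconds. */
int legit_dropped(int backlog, int timeout, int bogus_per_sec, int duration)
{
    static int expiry[MAX_BACKLOG]; /* ring buffer; FIFO because timeout is constant */
    int head = 0, count = 0, dropped = 0;

    if (backlog < 1 || backlog > MAX_BACKLOG)
        return -1;
    for (int t = 0; t < duration; t++) {
        /* Release half-open entries whose timer has run out. */
        while (count > 0 && expiry[head] <= t) {
            head = (head + 1) % backlog;
            count--;
        }
        /* Unanswered SYNs occupy slots until the queue is full. */
        for (int i = 0; i < bogus_per_sec && count < backlog; i++) {
            expiry[(head + count) % backlog] = t + timeout;
            count++;
        }
        /* The legitimate client would complete at once, so it holds no slot;
         * it is only dropped when no slot is free on arrival. */
        if (count >= backlog)
            dropped++;
    }
    return dropped;
}

int main(void)
{
    /* Constructed load: 5 unanswered SYNs per second for 300 seconds. */
    printf("timeout 75, backlog 16:  %d dropped\n", legit_dropped(16, 75, 5, 300));
    printf("timeout 25, backlog 255: %d dropped\n", legit_dropped(255, 25, 5, 300));
    printf("timeout 75, backlog 255: %d dropped\n", legit_dropped(255, 75, 5, 300));
    return 0;
}
```

In this model the queue stays usable only while the unanswered-SYN rate times the timeout is below the queue limit, so the two changes work together: raising the limit alone (third case) still ends with a full queue.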