Subject: Re: syn flooding handling ..
To: <>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: netbsd-users
Date: 03/18/2004 15:03:23

On Wed, Mar 17, 2004 at 09:48:44PM -0800, Sumit chauhan wrote:

> I am new to netbsd and looking for some info on netbsd behaviour for
> syn flooding.
> > From what I learn there were many ways proposed to handle this like
> > syn proxy, etc.
> Syn cache and rst cookies being most popular.
>
> I can see that tcp_input.c does have some code for handling of these,
> but I am new and so was wondering if someone can update me on the
> known behaviour of netbsd 1.6.1 under syn attack? Are connections for
> new clients accepted with ease?

"syn cookies" is a strategy to avoid keeping a full connection control
block for a partial connection.

The NetBSD strategy is different, but also designed to withstand a huge
number of partial connections without using many resources (e.g., memory).

Search the tech-net or tech-kern mailing list for "syn flood attack";
you should be able to find a discussion on how the code is supposed to
work and what kind of load it can survive. For the details, you'll have
to read the source code...

Regards,
	-is
