NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: SYN flood resilience

On 12/30/09 20:56, Sad Clouds wrote:
Does NetBSD employ any methods in its TCP stack to resist SYN flood DoS

Yes, syn cache. Very basically, you limit the number of half opened connections, and drop some if you reach a certain threshold.

If yes, how effective are those methods? Can they completely resist
such attacks?

No method can _completely_ resist flooding; they can only mitigate the abuse/exploit to a certain extent.

Jean-Yves Migeon

Home | Main Index | Thread Index | Old Index