On 12/30/09 20:56, Sad Clouds wrote:
Does NetBSD employ any methods in its TCP stack to resist SYN flood DoS attacks?
Yes, syn cache. Very basically, you limit the number of half opened connections, and drop some if you reach a certain threshold.
If yes, how effective are those methods? Can they completely resist such attacks?
No method can _completely_ resist flooding; they can only mitigate the abuse/exploit to a certain extent.
-- Jean-Yves Migeon jeanyves.migeon%free.fr@localhost