Re: DoS attack against TCP services

To: current-users%netbsd.org@localhost
Subject: Re: DoS attack against TCP services
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Mon, 19 Jan 2015 19:51:31 +0000 (UTC)

bqt%update.uu.se@localhost (Johnny Billquist) writes:

>Timeout should not depend on distance, and should actually be (at least) 
>2*MSS, which would be something in the several minutes range.

It's 2*msl but msl can be a bit variable

net.inet.tcp.mslt.enable = 1
net.inet.tcp.mslt.loopback = 2
net.inet.tcp.mslt.local = 10
net.inet.tcp.mslt.remote = 60

If I understand this correctly, these msl values are in units of 500ms,
so 2*msl is the same value in seconds.

What is considered a local connection is a bit of magic and if you set
net.inet.tcp.mslt.enable=0 then everything is treated as a remote
connection.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

Follow-Ups:
- Re: DoS attack against TCP services
  - From: 6bone

References:
- DoS attack against TCP services
  - From: 6bone
- Re: DoS attack against TCP services
  - From: Mindaugas Rasiukevicius
- Re: DoS attack against TCP services
  - From: 6bone
- Re: DoS attack against TCP services
  - From: Michael van Elst
- Re: DoS attack against TCP services
  - From: Johnny Billquist

Prev by Date: Re: DoS attack against TCP services
Next by Date: daily CVS update output
Previous by Thread: Re: DoS attack against TCP services
Next by Thread: Re: DoS attack against TCP services
Indexes:

Home | Main Index | Thread Index | Old Index