Subject: TCP backlog queue
To: None <tech-net@netbsd.org>
From: Kiran Svrv Balagani <ksb011@latech.edu>
List: tech-net
Date: 06/12/2003 14:12:45
Hello,
I'm Kiran and I'm working on SYN flood attack detection and mitigation. I have
a few questions regarding the TCP backlog queue. I would appreciate your
interest in answering my questions.
(1) Is the TCP "backlog queue" just a queue of Transmission Control Blocks
(TCBs) which are initialized for TCP connections? If not, please tell me how
they differ.
(2) To my knowledge, I understand that the TCP backlog queue is a data structure
that maintains a list of half-open connections, but I am not able to figure out
how it is implemented, how entries are enqueued and dequeued (entry replacement
policy), and what information about a connection is enqueued.
(3) Is there an API to access the (contents or status of) TCP backlog queue in
Windows operating systems?
(4) Where can I find material (or websites) detailing the working of a TCP
backlog queue during TCP connection establishment and termination?
Thank you,
Kiran