mailing list archives
Re: SYN Flooding [info]
From: coxa () cableol net (Alan Cox)
Date: Mon, 16 Sep 1996 13:56:28 +0100
to the SYN-ACK within a couple of RTTs, and even if you throw away the
PCB, you will probably get another SYN from the counterparty
shortly. (Its true that some links can't do one packet per RTT, but
Van Jacobson's algorithm dies on those links anyway). Provided you
Most of Germany from the UK fits that category. Generally speaking for bad
bits of germany, austria and the like Im seeing 5-10 seconds average connect
time (been statting www.uk.linux.org)
1, No class C net may hold over 1/3rd of the queue. This is to stop
non spoofed attacks and runaway machines. That fixes attacks from
providers with half a brain or higher.
Thats not particularly useful. Any solution that will stop random
source SYNs will probably stop non-random ones pretty easily.
It stops accidents like crashed macs spamming with syns, and it stops people
on the filtered networks we should hopefully soon see.
Hopefully in three years most of the world will be agressively
I shall try some adaptive timeouts with interest.