Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SYN Flooding [info]
From: coxa () cableol net (Alan Cox)
Date: Mon, 16 Sep 1996 13:56:28 +0100


to the SYN-ACK within a couple of RTTs, and even if you throw away the
PCB, you will probably get another SYN from the counterparty

True.

shortly. (Its true that some links can't do one packet per RTT, but
Van Jacobson's algorithm dies on those links anyway). Provided you

Most of Germany from the UK fits that category. Generally speaking for bad
bits of germany, austria and the like Im seeing 5-10 seconds average connect
time (been statting www.uk.linux.org)

1,  No class C net may hold over 1/3rd of the queue. This is to stop
    non spoofed attacks and runaway machines. That fixes attacks from
    providers with half a brain or higher.

Thats not particularly useful. Any solution that will stop random
source SYNs will probably stop non-random ones pretty easily.

It stops accidents like crashed macs spamming with syns, and it stops people
on the filtered networks we should hopefully soon see.

Hopefully in three years most of the world will be agressively
filtering.

Exactly.


I shall try some adaptive timeouts with interest.

Alan



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault