Bugtraq: Re: SYN Flooding [info]

[coxa () cableol net (Alan Cox)]

> to the SYN-ACK within a couple of RTTs, and even if you throw away the
> PCB, you will probably get another SYN from the counterparty
True.

> shortly. (Its true that some links can't do one packet per RTT, but
> Van Jacobson's algorithm dies on those links anyway). Provided you
Most of Germany from the UK fits that category. Generally speaking for bad
bits of germany, austria and the like Im seeing 5-10 seconds average connect
time (been statting www.uk.linux.org)

> > 1,  No class C net may hold over 1/3rd of the queue. This is to stop
> >     non spoofed attacks and runaway machines. That fixes attacks from
> >     providers with half a brain or higher.
> Thats not particularly useful. Any solution that will stop random
> source SYNs will probably stop non-random ones pretty easily.
It stops accidents like crashed macs spamming with syns, and it stops people
on the filtered networks we should hopefully soon see.

> Hopefully in three years most of the world will be agressively
> filtering.
Exactly.


I shall try some adaptive timeouts with interest.

Alan