Bugtraq mailing list archives
Re: SYN Flooding [info]
From: coxa () cableol net (Alan Cox)
Date: Mon, 16 Sep 1996 13:56:28 +0100
to the SYN-ACK within a couple of RTTs, and even if you throw away the PCB, you will probably get another SYN from the counterparty
True.
shortly. (Its true that some links can't do one packet per RTT, but Van Jacobson's algorithm dies on those links anyway). Provided you
Most of Germany from the UK fits that category. Generally speaking for bad bits of germany, austria and the like Im seeing 5-10 seconds average connect time (been statting www.uk.linux.org)
1, No class C net may hold over 1/3rd of the queue. This is to stop non spoofed attacks and runaway machines. That fixes attacks from providers with half a brain or higher.Thats not particularly useful. Any solution that will stop random source SYNs will probably stop non-random ones pretty easily.
It stops accidents like crashed macs spamming with syns, and it stops people on the filtered networks we should hopefully soon see.
Hopefully in three years most of the world will be agressively filtering.
Exactly. I shall try some adaptive timeouts with interest. Alan
Current thread:
- SYN Flooding [info] Christopher Klaus (Sep 13)
- Re: SYN Flooding [info] Perry E. Metzger (Sep 13)
- Re: SYN Flooding [info] Alan Cox (Sep 16)
- Re: SYN Flooding [info] Perry E. Metzger (Sep 16)
- Re: SYN Flooding [info] Alan Cox (Sep 16)
- Re: SYN Flooding [info] Alan Cox (Sep 16)
- Re: SYN Flooding [info] Perry E. Metzger (Sep 13)
- Re: SYN Flooding [info] Alan Cox (Sep 16)