Re: Stopping SYN floods.

Taner Halicioglu (taner@cerf.net)
Thu, 17 Oct 1996 18:22:15 -0700 (PDT)


On Thu, 17 Oct 1996, Chris Thornhill wrote:

> solution to this (in theory). Forgive my lack of proper terminology
> here, but couldn't the tcp/ip stack be written so that if its connection
> table for a particular port fills, the next incoming SYN packet immediately
> causes the oldest connection that is waiting for an ACK from its SYNACK
> to time out?

Well, since most SYN floods are coming in at a very rapid pace, this
method would simply kick out the old, waiting, SYNs just as fast as new
ones came in. Hence, valid connections would have a hard time getting
established.

You'd have better luck establishing a valid connection by RANDOMLY
dropping a queued SYN packet.

Anyway, I don't know if this is the right place to be discussing this
already-buried-into-the-ground-on-other-lists subject :-)

-Taner
-=-=-=-=-=-=-=-=-=-=-=-=[ D. Taner Halicioglu ]=-=-=-=-=-=-=-=-=-=-=-=-
taner@CERF.NET -=- taner@ucsd.edu -=- taner@sdsc.edu
IRC Admin: irc.cerf.net -=- U. of California, San Diego, Computer Sci.
-=-=-=-=-=-=[ Linux 2.0.* OS -- http://www.sdsc.edu/~taner/ ]=-=-=-=-=-
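As an added illustration of the reply's point (this code is not from the thread or its authors), the following Python model compares the two eviction policies for a full half-open queue: oldest-first eviction evicts a legitimate entry deterministically once the flood outpaces the queue, while random eviction leaves it a nonzero chance to complete the handshake. The queue size, flood volume and trial count are constructed assumptions.

```python
import random

QUEUE_SIZE = 128        # constructed: half-open entries the port's backlog can hold
FLOOD_BEFORE_ACK = 128  # constructed: flood SYNs arriving before the legit ACK returns


def analytic_survival(queue_size: int, flood_arrivals: int, policy: str) -> float:
    """Probability that one legitimate half-open entry is still queued when its
    ACK arrives, after `flood_arrivals` flood SYNs hit an already-full queue."""
    if policy == "oldest":
        # Oldest-first eviction: the entry is pushed out as soon as queue_size
        # newer SYNs have arrived, so survival is all-or-nothing.
        return 1.0 if flood_arrivals < queue_size else 0.0
    # Random eviction: each arrival evicts the legit entry with prob 1/queue_size.
    return (1 - 1 / queue_size) ** flood_arrivals


def simulate_survival(queue_size: int, flood_arrivals: int, policy: str,
                      trials: int = 4000, seed: int = 1) -> float:
    """Monte Carlo version of analytic_survival over a concrete queue."""
    rng = random.Random(seed)
    survived = 0
    for _ in range(trials):
        queue = ["flood"] * queue_size  # the flood has already filled the backlog

        def admit(entry: str) -> None:
            # Queue is full: evict one entry under the policy, then enqueue.
            victim = 0 if policy == "oldest" else rng.randrange(len(queue))
            queue.pop(victim)
            queue.append(entry)

        admit("legit")                   # the legitimate SYN arrives
        for _ in range(flood_arrivals):  # flood keeps arriving before its ACK
            admit("flood")
        survived += "legit" in queue
    return survived / trials


if __name__ == "__main__":
    for policy in ("oldest", "random"):
        print(policy, analytic_survival(QUEUE_SIZE, FLOOD_BEFORE_ACK, policy),
              simulate_survival(QUEUE_SIZE, FLOOD_BEFORE_ACK, policy))
```

Random drop only improves the odds; when the flood volume per handshake time is large relative to the queue, the survival probability still falls off exponentially, which is why queue policy alone is not a complete defence.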