Re: Stopping SYN floods.

Alan Cox (alan@lxorguk.ukuu.org.uk)
Fri, 18 Oct 1996 21:51:35 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: kernel thread question"
Previous message: Egor Egorov: "2.1.*"
In reply to: Chris Thornhill: "Stopping SYN floods."

> solution to this (in theory). Forgive my lack of proper terminology
> here, but couldn't the tcp/ip stack be written so that if its connection
> table for a particular port fills, the next incoming SYN packet immediatly
> causes the oldest connection that is waiting for an ACK from it's SYNACK
> to time out?

Thats basically what the filters do, only you don't time out the oldest
you pick one at random above a certain data rate. There are some subtleties
and nasty related attacks to deal with too, which at the moment most vendor
patches don't cover.

Alan

Next message: Alan Cox: "Re: kernel thread question"
Previous message: Egor Egorov: "2.1.*"
In reply to: Chris Thornhill: "Stopping SYN floods."