SYN flood messages flooding my mailbox
Curtis Villamizar
curtis at ans.net
Tue Sep 17 17:36:28 UTC 1996
In message <199609161637.MAA20184 at netaxs.com>, Avi Freedman writes:
>
> > implementation. This is a denial of service exposure that has gone
> > unaddressed in host implementations until recently. BSD now uses a
> > hash table on the TCP PCBs (protocol control blocks in the kernel) and
> > with change of removal of the check can support close to 64K-2000 PCBs
>
> Hmm. Interesting. I was told that NetBSD did not...
> Which version of BSD should I look at? A hash table on a static array of
> PCBs is a much better solution than letting a linked list get to 2000
> entries...
Oops. That's in a BSDI patch (PATCH K210-019) but I'm not sure about
FreeBSD or NetBSD distributions since I don't have one handy.
Curtis
ps- (My 6 year old has a FreeBSD system, but its 2.0.5. Got to get
him to upgrade. :)
More information about the NANOG
mailing list