SYN flood messages flooding my mailbox

• Previous message (by thread): SYN flood messages flooding my mailbox
• Next message (by thread): SYN flood messages flooding my mailbox
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <199609161637.MAA20184 at netaxs.com>, Avi Freedman writes:
> 
> > implementation.  This is a denial of service exposure that has gone
> > unaddressed in host implementations until recently.  BSD now uses a
> > hash table on the TCP PCBs (protocol control blocks in the kernel) and
> > with change of removal of the check can support close to 64K-2000 PCBs
> 
> Hmm.  Interesting.  I was told that NetBSD did not...
> Which version of BSD should I look at?  A hash table on a static array of
> PCBs is a much better solution than letting a linked list get to 2000
> entries...

Oops.  That's in a BSDI patch (PATCH K210-019) but I'm not sure about
FreeBSD or NetBSD distributions since I don't have one handy.

Curtis

ps- (My 6 year old has a FreeBSD system, but its 2.0.5.  Got to get
him to upgrade. :)

• Previous message (by thread): SYN flood messages flooding my mailbox
• Next message (by thread): SYN flood messages flooding my mailbox
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]