[4381] in linux-net channel archive
Re: (fwd) BoS: Tool for stopping SYN floods
daemon@ATHENA.MIT.EDU (Alan Cox)
Sat Sep 14 16:17:01 1996
To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
Date: 14 Sep 1996 20:56:57 +0100
In article <dxpwoe.km7@bigred.inka.de>, Olaf Titz <olaf@bigred.inka.de> wrote:
>The solution presented below looks very simple, could this be a
>possible way out of the problem?

Maybe

>> We have a tool that will look for SYN packets that do not get followed with
>> ACK and clean the half open connections by sending a RST packet. This

Of course you can't tell a SYN waiting for ACK from a fake SYN waiting for
an ACK that won't come. If we want to do what this piece of software
claims to do we can set a limit on the time we wait until a connection
completes. Setting a limit is not a bad plan.

The big problem is that we can't really go from waiting for the final
ACK to closed without risking resetting a real connection. Statistically
I think however it is better we take that small risk.

Alan
--
UKUU free UUCP Project Swansea | Alan Cox, <alan.cox@linux.org>
+44 1792 422028 (Cabletel) | Custom Linux Software Projects.
Sonix 33.6K 24x7 | Linux Consultancy. Linux Networking.
"Hey, Alan, you're being nice! Are you feeling okay?" - Dave Willmore
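
Added example, not part of the message above and not Linux kernel code: a toy half-open queue in C that applies the time limit discussed in the message and shows the cost it names, where a real peer whose final ACK arrives after the limit loses its connection. BACKLOG, SYN_TIMEOUT, the function names and the sample peers and times are assumptions made for illustration.

```c
#include <stdio.h>

#define BACKLOG 4        /* assumed size of the half-open queue */
#define SYN_TIMEOUT 3    /* assumed limit, in seconds, on waiting for the final ACK */

struct half_open { int used; unsigned peer; long since; };
static struct half_open queue[BACKLOG];

/* Drop every entry that has waited longer than SYN_TIMEOUT; return how many. */
int reap(long now) {
    int n = 0;
    for (int i = 0; i < BACKLOG; i++)
        if (queue[i].used && now - queue[i].since > SYN_TIMEOUT) {
            queue[i].used = 0;
            n++;
        }
    return n;
}

/* SYN received: 1 if a slot was found, 0 if the queue is full. */
int syn_arrive(unsigned peer, long now) {
    reap(now);
    for (int i = 0; i < BACKLOG; i++)
        if (!queue[i].used) {
            queue[i] = (struct half_open){1, peer, now};
            return 1;
        }
    return 0;
}

/* Final ACK received: 1 if the handshake completes, 0 if the entry is gone. */
int ack_arrive(unsigned peer, long now) {
    reap(now);
    for (int i = 0; i < BACKLOG; i++)
        if (queue[i].used && queue[i].peer == peer) {
            queue[i].used = 0;   /* connection moves to established */
            return 1;
        }
    return 0;
}

int main(void) {
    for (unsigned p = 1; p <= 4; p++) syn_arrive(p, 0);  /* constructed: never ACKed */
    printf("real SYN at t=1 queued: %d\n", syn_arrive(100, 1));
    printf("real SYN at t=4 queued: %d\n", syn_arrive(100, 4));
    printf("real ACK at t=5 ok:     %d\n", ack_arrive(100, 5));
    syn_arrive(200, 10);
    printf("slow ACK at t=14 ok:    %d\n", ack_arrive(200, 14));
    return 0;
}
```

The last line of output is the "small risk": peer 200 is genuine, but its ACK comes 4 seconds after its SYN and the entry has already been cleaned up.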