[1127] in linux-security and linux-alert archive
Re: [linux-security] SYN flooding (was inetd and
daemon@ATHENA.MIT.EDU (Alan Cox)
Sun Sep 1 07:52:34 1996
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: hagopiar@vuser.vu.union.edu (Rob Hagopian)
Date: Sat, 31 Aug 1996 17:33:09 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <v03007808ae4c83b33899@[199.232.252.122]> from "Rob Hagopian" at Aug 30, 96 07:52:32 am
> What about simply dropping the oldest SYN connections after the port(s)
> have been flooded, always leaving a connection available?
A connection that we have seen a SYN and replied SYN|ACK takes 2 minutes
to kill otherwise we could be tricked into starting a tcp foodfight with
a random victim..
Alan