[4481] in North American Network Operators' Group
Re: SYN flood messages flooding my mailbox
daemon@ATHENA.MIT.EDU (Curtis Villamizar)
Tue Sep 17 13:43:51 1996
To: Avi Freedman <freedman@netaxs.com>
cc: curtis@ans.net, nanog@merit.edu
Reply-To: curtis@ans.net
In-reply-to: Your message of "Mon, 16 Sep 1996 12:37:31 EDT."
<199609161637.MAA20184@netaxs.com>
Date: Tue, 17 Sep 1996 13:36:28 -0400
From: Curtis Villamizar <curtis@ans.net>
In message <199609161637.MAA20184@netaxs.com>, Avi Freedman writes:
>
> > implementation. This is a denial of service exposure that has gone
> > unaddressed in host implementations until recently. BSD now uses a
> > hash table on the TCP PCBs (protocol control blocks in the kernel) and
> > with change of removal of the check can support close to 64K-2000 PCBs
>
> Hmm. Interesting. I was told that NetBSD did not...
> Which version of BSD should I look at? A hash table on a static array of
> PCBs is a much better solution than letting a linked list get to 2000
> entries...
Oops. That's in a BSDI patch (PATCH K210-019) but I'm not sure about
FreeBSD or NetBSD distributions since I don't have one handy.
Curtis
ps- (My 6 year old has a FreeBSD system, but it's 2.0.5. Got to get
him to upgrade. :)
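
The difference discussed in the thread between one linked list of PCBs and a hash table over them, as an added example that is not part of the original messages and is not code from BSD or the BSDI patch. The struct layout, table size, hash function and addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NBUCKETS 512   /* assumed hash table size */
#define NFLOOD   2000  /* list length mentioned in the thread */

struct pcb {           /* minimal stand-in for a TCP PCB, not BSD's struct inpcb */
    uint32_t faddr; uint16_t fport, lport;
    struct pcb *list_next, *hash_next;  /* global list link, bucket chain link */
};
static struct pcb *pcb_list, *pcb_hash[NBUCKETS];

/* Constructed hash, easy to check by hand; not BSD's. A production table
 * wants a keyed hash so chain length does not depend on peer-chosen values. */
static unsigned bucket(uint32_t fa, uint16_t fp, uint16_t lp) { return (fa + fp + lp) % NBUCKETS; }

static void pcb_insert(uint32_t fa, uint16_t fp, uint16_t lp) {
    struct pcb *p = calloc(1, sizeof *p);
    if (!p) abort();
    p->faddr = fa; p->fport = fp; p->lport = lp;
    p->list_next = pcb_list; pcb_list = p;               /* newest at head */
    p->hash_next = pcb_hash[bucket(fa, fp, lp)]; pcb_hash[bucket(fa, fp, lp)] = p;
}

/* Both lookups return how many PCBs were examined, or 0 if none matched. */
static unsigned lookup_list(uint32_t fa, uint16_t fp, uint16_t lp) {
    unsigned n = 1;
    for (struct pcb *p = pcb_list; p; p = p->list_next, n++)
        if (p->faddr == fa && p->fport == fp && p->lport == lp) return n;
    return 0;
}
static unsigned lookup_hash(uint32_t fa, uint16_t fp, uint16_t lp) {
    unsigned n = 1;
    for (struct pcb *p = pcb_hash[bucket(fa, fp, lp)]; p; p = p->hash_next, n++)
        if (p->faddr == fa && p->fport == fp && p->lport == lp) return n;
    return 0;
}

/* Constructed scenario: one established client, then NFLOOD half-open entries. */
static void populate(void) {
    pcb_insert(0xC6336407u, 40000, 80);            /* 198.51.100.7:40000 -> :80 */
    for (uint32_t i = 1; i <= NFLOOD; i++)
        pcb_insert(0x0A000000u + i, 1024, 80);     /* sources 10.0.0.1 upward */
}

int main(void) {
    populate();
    printf("list: %u PCBs examined, hash: %u\n",
           lookup_list(0xC6336407u, 40000, 80), lookup_hash(0xC6336407u, 40000, 80));
    return 0;
}
```

Every segment for the established connection costs a walk past all 2000 newer entries on the list, against a handful of entries in its hash bucket.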