[4485] in North American Network Operators' Group
Re: SYN flood messages flooding my mailbox
daemon@ATHENA.MIT.EDU (Matt Bush)
Tue Sep 17 14:38:46 1996
From: Matt Bush <xomox@boris.eden.com>
To: curtis@ans.net
Date: Tue, 17 Sep 1996 13:29:42 -0500 (CDT)
Cc: freedman@netaxs.com, nanog@merit.edu
In-Reply-To: <199609171736.NAA06744@brookfield.ans.net> from "Curtis Villamizar" at Sep 17, 1996 01:36:28 PM
>
> In message <199609161637.MAA20184@netaxs.com>, Avi Freedman writes:
> >
> > > implementation. This is a denial of service exposure that has gone
> > > unaddressed in host implementations until recently. BSD now uses a
> > > hash table on the TCP PCBs (protocol control blocks in the kernel) and
> > > with change of removal of the check can support close to 64K-2000 PCBs
> >
> > Hmm. Interesting. I was told that NetBSD did not...
> > Which version of BSD should I look at? A hash table on a static array of
> > PCBs is a much better solution than letting a linked list get to 2000
> > entries...
>
> Oops. That's in a BSDI patch (PATCH K210-019) but I'm not sure about
> FreeBSD or NetBSD distributions since I don't have one handy.
>
I'm not sure about prior releases, but FreeBSD 2.1.0 and above do hash
PCBs, with a default hash size of 128. The constant name is TCBHASHSIZE
in netinet/tcp_subr.c. To raise it, just add

    options "TCBHASHSIZE=2048"   # More capable TCB hash

... and if you feel the need, add

    options "UDBHASHSIZE=1024"   # More capable UDB hash

to your kern config file.
> Curtis
>
> ps- (My 6 year old has a FreeBSD system, but its 2.0.5. Got to get
> him to upgrade. :)
>
Version 2.1.5-Release is now available. ;-)
Cheers,
-Matt
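As an added example (not code from the original thread or from FreeBSD itself), assuming a FreeBSD 2.x-style kernel config file whose path is passed as the first argument: a POSIX sh helper that reads, or idempotently sets, the options "TCBHASHSIZE=..." / "UDBHASHSIZE=..." lines Matt describes, so re-running it on a config that already carries the default never leaves two conflicting lines.

```shell
#!/bin/sh
# Added example: read or idempotently set an "options" line in a FreeBSD
# 2.x-style kernel config file. Not code from the original thread; the
# file path and the sample config below are constructed for illustration.

# Write a small constructed GENERIC-like config to $1 (sample input only).
make_sample_config() {
    printf 'machine\t"i386"\nident\tGENERIC\noptions\tINET\noptions\t"TCBHASHSIZE=128"\n' > "$1"
}

# Print the value of option $2 in config $1 (empty if absent or valueless).
get_kernel_option() {
    awk -v name="$2" '
        $1 == "options" {
            v = $2; gsub(/"/, "", v)      # accept both "NAME=VAL" and NAME=VAL
            split(v, kv, "=")
            if (kv[1] == name) { print kv[2]; exit }
        }' "$1"
}

# Set option $2 to $3 in config $1, with optional trailing comment $4.
# An existing line for the option is replaced in place (duplicates are
# dropped); otherwise one line is appended. Safe to run repeatedly.
set_kernel_option() {
    tmp="$1.tmp.$$"
    awk -v name="$2" -v value="$3" -v comment="$4" '
        function optline() {
            return "options\t\"" name "=" value "\"" (comment != "" ? "\t# " comment : "")
        }
        $1 == "options" {
            v = $2; gsub(/"/, "", v); split(v, kv, "=")
            if (kv[1] == name) { if (!done) { print optline(); done = 1 }; next }
        }
        { print }
        END { if (!done) print optline() }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}
```

The new value only takes effect once the kernel is rebuilt from the edited config and booted, so the getter is a check on the file, not on the running kernel.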