> Date: Tue, 26 Mar 2002 22:10:44 +0100
> From: Nico Meijer <[EMAIL PROTECTED]>

> I did that a couple of times and it didn't work for me at
> all. I blocked the 'offending' IPs thru ipchains and logged all
> data coming in from those. Hardly what you would call a
> flood. You couldn't flood a 300bps modem with that traffic.

SYN flood != traffic flood

Anyone else been around long enough to remember how Panix was hit by a SYN flood? A dialup user nearly shut them down.

No, SYN floods work by flooding the kernel with requests to open TCP connections, until it just plain runs out. If someone sends a 3 kB/s stream of minimally-sized TCP/SYN packets, your machine will be bombarded by several hundred SYN requests per second. Multiply that by the timeout period... LOTS of half-open sockets.

I rather like how OpenBSD handles (IIRC) SYN floods. It simply uses a RED-like algorithm to replace a half-open socket with the new attempt. Pretty slick, IMHO.

Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
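
Added example, not part of the original message and not OpenBSD's code: a small model of a listener's half-open queue that compares dropping new SYNs when the backlog is full with replacing a random half-open entry, which is a simplification of the "RED-like" behaviour the reply describes. The function name, policy labels and all numbers (backlog of 128, 75 s timeout, 0.2 s round trip, 300 unanswered SYNs per second, 10 legitimate clients per second) are assumptions chosen for illustration.

```python
import random

def simulate(policy, backlog=128, timeout=75.0, rtt=0.2,
             attack_rate=300, legit_rate=10, duration=90.0, seed=1):
    """Return the fraction of legitimate handshakes that complete.

    policy is "drop_new" (a full queue discards the incoming SYN) or
    "random_replace" (a full queue evicts one random half-open entry).
    All default values are assumed, not measured.
    """
    rng = random.Random(seed)
    # Constructed arrival times: unanswered SYNs and legitimate SYNs,
    # spread at random over the run and merged into one ordered stream.
    events = [(rng.uniform(0, duration), False)
              for _ in range(int(duration * attack_rate))]
    events += [(rng.uniform(0, duration), True)
               for _ in range(int(duration * legit_rate))]
    events.sort()

    queue = []        # half-open entries as (leave_time, is_legit)
    done = total = 0
    for now, is_legit in events:
        # A legitimate entry leaves when its final ACK arrives (completed);
        # an unanswered entry leaves only when the timeout fires.
        done += sum(1 for t, legit in queue if legit and t <= now)
        queue = [e for e in queue if e[0] > now]
        total += is_legit
        entry = (now + (rtt if is_legit else timeout), is_legit)
        if len(queue) < backlog:
            queue.append(entry)
        elif policy == "random_replace":
            queue[rng.randrange(backlog)] = entry
        # "drop_new": the queue is full, so this SYN is silently lost
    return done / total

if __name__ == "__main__":
    for policy in ("drop_new", "random_replace"):
        print(f"{policy:15s} legitimate handshakes completed: "
              f"{simulate(policy):.1%}")
```

With drop-on-full, the queue stays occupied by entries that wait out the whole timeout, so almost no legitimate handshake gets a slot; with random replacement an entry only has to survive one round trip, so most legitimate handshakes still complete.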