North American Network Operators Group


Re: SYN flood messages flooding my mailbox

  • From: Curtis Villamizar
  • Date: Tue Sep 17 13:58:05 1996

In message <[email protected]>, Avi Freedman writes:
> 
> > implementation.  This is a denial of service exposure that has gone
> > unaddressed in host implementations until recently.  BSD now uses a
> > hash table on the TCP PCBs (protocol control blocks in the kernel) and
> > with change of removal of the check can support close to 64K-2000 PCBs
> 
> Hmm.  Interesting.  I was told that NetBSD did not...
> Which version of BSD should I look at?  A hash table on a static array of
> PCBs is a much better solution than letting a linked list get to 2000
> entries...

Oops.  That's in a BSDI patch (PATCH K210-019) but I'm not sure about
FreeBSD or NetBSD distributions since I don't have one handy.

Curtis

ps- (My 6 year old has a FreeBSD system, but it's 2.0.5.  Got to get
him to upgrade. :)
- - - - - - - - - - - - - - - - -
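The contrast discussed in the thread, a hash table over a static array of PCBs versus a single linked list that a SYN flood can grow to 2000 entries, as an added example that is not part of the original message or of BSDI patch K210-019. The struct layout, hash function, 512-bucket table size and addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NPCB     2000  /* list length mentioned in the thread */
#define NBUCKETS 512   /* assumed table size, not taken from the BSDI patch */

struct pcb {                     /* simplified protocol control block */
    uint32_t faddr, laddr;       /* foreign / local address */
    uint16_t fport, lport;       /* foreign / local port */
    struct pcb *list_next;       /* link in the single global list */
    struct pcb *hash_next;       /* link in the per-bucket chain */
};

static struct pcb pool[NPCB];    /* static array of PCBs */
static struct pcb *pcb_list, *pcb_hash[NBUCKETS];

/* Illustrative hash over the connection identifiers (an assumption). */
static unsigned bucket(uint32_t fa, uint16_t fp, uint16_t lp) {
    return (fa ^ (fa >> 16) ^ fp ^ lp) % NBUCKETS;
}

/* Constructed half-open entries: 10.0.0.0+i port 1025 -> 192.0.2.1 port 80. */
static void fill(void) {
    pcb_list = NULL;
    for (unsigned b = 0; b < NBUCKETS; b++) pcb_hash[b] = NULL;
    for (uint32_t i = 0; i < NPCB; i++) {
        struct pcb *p = &pool[i];
        p->faddr = 0x0a000000u + i; p->fport = 1025;
        p->laddr = 0xc0000201u;     p->lport = 80;
        unsigned b = bucket(p->faddr, p->fport, p->lport);
        p->list_next = pcb_list;    pcb_list = p;      /* head insert */
        p->hash_next = pcb_hash[b]; pcb_hash[b] = p;   /* head insert */
    }
}

/* Number of PCBs examined to find a connection (0 = not found). */
static unsigned cost(int hashed, uint32_t fa, uint16_t fp, uint32_t la, uint16_t lp) {
    struct pcb *p = hashed ? pcb_hash[bucket(fa, fp, lp)] : pcb_list;
    for (unsigned n = 1; p; n++, p = hashed ? p->hash_next : p->list_next)
        if (p->faddr == fa && p->fport == fp && p->laddr == la && p->lport == lp)
            return n;
    return 0;
}

int main(void) {
    fill();
    printf("list: %u  hash: %u\n", cost(0, 0x0a000000u, 1025, 0xc0000201u, 80),
           cost(1, 0x0a000000u, 1025, 0xc0000201u, 80));
    return 0;
}
```

With these constructed entries, finding the oldest connection examines 2000 PCBs on the list and 4 in the hashed table.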