From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22430 invoked by alias); 25 May 2009 08:15:54 -0000 Received: (qmail 22419 invoked by uid 22791); 25 May 2009 08:15:53 -0000 X-SWARE-Spam-Status: No, hits=-0.6 required=5.0 tests=AWL,BAYES_50 X-Spam-Check-By: sourceware.org Received: from mx-dk.vsc.vitesse.com (HELO mx-dk.vsc.vitesse.com) (217.74.214.36) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 25 May 2009 08:15:44 +0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Mon, 25 May 2009 08:15:00 -0000 Message-ID: <376637F07F8A9242AD11921B15FA17DC924ACF@mx-dk.vsc.vitesse.com> From: "Rene Nielsen" To: Mailing-List: contact ecos-discuss-help@ecos.sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: ecos-discuss-owner@ecos.sourceware.org Subject: [ECOS] BSD TCP/IP Stack & SYN Flooding X-SW-Source: 2009-05/txt/msg00090.txt.bz2 Hi folks, =20 I have a question regarding TCP SYN Flooding attacks. To my understanding these attacks come in two flavors: =20 1) The attacker sends SYN packets only, leaving the connection half-open. 2) The attacker sends SYN packets and ACKs the SYN-ACK from the server, effectively opening the connection (this is probably not a real SYN flood attack, but nevertheless it takes server-side resources...). Are there any remedies in the eCos' BSD TCP/IP stack to overcome such attacks (e.g. SYN cache/cookies as suggested by RFC4987 to remedy attack type #1, timeouts, etc.)? Regards, Rene Schipp von Branitz Nielsen=20 Vitesse Semiconductors -- Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss