(I've struck out now on freebsd-security and freebsd-net,
now trying freebsd-hackers....)
i've searched around deja and freebsd.org and come up wanting
(email archives show rarely show resolutions...).
what is the current status in stable and latest regarding
defense against SYN flood, and how is it implemented?
i found some discussion regarding the inadequacy of the "SYN cookie"
defense added to linux -- i couldn't make out whether that
fix has actually been withdrawn from linux or not.
i also didn't find an explanation of exactly what was bad about
it -- something about firewalls or NAT.
see for example:
http://x41.deja.com/getdoc.xp?AN=491586304&CONTEXT=942635225.1891434518&hitnum=26
and openbsd has apparently settled on a random dropping of
old half-open connections.
appreciate some clarification on this, as well as pointers
to where answers to things like this might be found, for
those of us who don't want to run grep through kernel sources.
-mda
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
---------- End Forwarded Message ----------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
