SYN flood messages flooding my mailbox

Curtis Villamizar wrote:

>
> > implementation. This is a denial of service exposure that has gone
> > unaddressed in host implementations until recently. BSD now uses a
> > hash table on the TCP PCBs (protocol control blocks in the kernel) and
> > with change of removal of the check can support close to 64K-2000 PCBs
>
> Hmm. Interesting. I was told that NetBSD did not...
> Which version of BSD should I look at? A hash table on a static array of
> PCBs is a much better solution than letting a linked list get to 2000
> entries...

Oops. That's in a BSDI patch (PATCH K210-019) but I'm not sure about
FreeBSD or NetBSD distributions since I don't have one handy.

  The SYN_RCVD bug has been fixed in FreeBSD source.
  i should know, i wrote the patch.
  as a result, the attacker has to sink the machine in less than
  75 seconds, else it begins to free resources. before the patch
  the attacker had ~11 minutes to do the deed. (would have been
  2 hours but for retransmission of the SYN-ACK packet by the target)

  the bug is discussed in detail on page 191 of tcp/ip illustrated
  by rick stevens.

  we have not yet moved to a hash table. soon.
  our SO_MAXCONN is 128, rather than the common 5.

jmb
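The effect jmb describes above, as an added simulation that is not part of the original thread or of any BSD source: a listen socket's half-open (SYN_RCVD) queue with a fixed capacity and an expiry timer, fed one unanswered SYN per second. The capacities and timers are the ones named in the thread (5 vs 128 entries; ~11 minutes vs 75 seconds); the one-per-second arrival rate and the 20-minute run are constructed values.

```python
from collections import deque


class HalfOpenQueue:
    """Models the SYN_RCVD entries behind one listening socket.

    capacity: listen backlog (SO_MAXCONN in the thread: 5 or 128)
    timeout:  seconds a half-open entry lives before the kernel frees it
    """

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout
        self.entries = deque()  # arrival times of live entries, oldest first

    def expire(self, now):
        # Free every entry whose SYN_RCVD timer has run out.
        while self.entries and now - self.entries[0] >= self.timeout:
            self.entries.popleft()

    def admit(self, now):
        """Return True if a new SYN gets an entry at time `now`, False if dropped."""
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False
        self.entries.append(now)
        return True


def simulate(capacity, timeout, syn_interval, duration):
    """Feed one never-completed SYN every `syn_interval` seconds.

    Returns (accepted, dropped, peak_occupancy) over `duration` seconds.
    """
    q = HalfOpenQueue(capacity, timeout)
    accepted = dropped = peak = 0
    t = 0.0
    while t < duration:
        if q.admit(t):
            accepted += 1
        else:
            dropped += 1
        peak = max(peak, len(q.entries))
        t += syn_interval
    return accepted, dropped, peak


if __name__ == "__main__":
    # Old behaviour: 5-entry backlog, ~11 minute (660 s) SYN_RCVD lifetime.
    print("backlog 5 / 660 s :", simulate(5, 660, 1.0, 1200))
    # Patched behaviour: 128-entry backlog, 75 s SYN_RCVD lifetime.
    print("backlog 128 / 75 s:", simulate(128, 75, 1.0, 1200))
```

At one unanswered SYN per second the old queue fills after five packets and stays full for the rest of the run (only ten SYNs accepted in twenty minutes), while the patched queue never exceeds 75 live entries and drops nothing; a defender watching `netstat` for SYN_RCVD counts can use the same arithmetic to pick a threshold.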