17 Sep 1996, 8:52 p.m.
In message <v03007814ae643a8d0173@[198.68.110.3]>, "Erik E. Fair" writes:
> Your suggestion has two flaws:
>
> 1. missed SYN ACKs due to asymmetric routing.

On the order of 1,000 pps worth?

> 2. missed SYN ACKs due to diode routes.

Again. On the order of 1,000 pps worth?

Remember that a corrected kernel needs on the order of 1,000 pps on SYNs to have an effect (much more if the timer is dropped from 75 seconds). With the hashed PCBs the host doesn't even slow down all that much either.

OTOH if the attacked host has a listen queue of 8 or something real small, it only takes one packet every 8 seconds or so to keep the queue full with a 75 second timer.

Curtis