Subject: RE: 6+ Mbps SYN flood causing Alpha 500a Workstation box to lock
To: 'thorpej@wasabisystems.com' <thorpej@wasabisystems.com>
From: Laurence Brockman <L.Brockman@videon.ca>
List: port-alpha
Date: 10/05/2001 08:32:15

Hmmm, this is interesting... we are getting hit with approx 6-10 Mb/s SYNs
on our external link (which is a 100 Mb/s link), so it's hitting 10% usage
at most. Also, we have an inside private connection that just locks up when
this happens. Unfortunately I haven't been able to connect to the console
while this is happening, so I don't know if the whole computer is locking
up, or just the network connections.

Are there any docs that I can look into, or any configs that I can check to
make sure that the syn flood protection is working?

Thanks again,
Laurence

> -----Original Message-----
> From: Jason R Thorpe [mailto:thorpej@wasabisystems.com]
> Sent: Wednesday, October 03, 2001 6:08 PM
> To: GNU Order
> Cc: Laurence Brockman; 'port-alpha@netbsd.org'
> Subject: Re: 6+ Mbps SYN flood causing Alpha 500a Workstation box to
> lock up.
>
>
> On Wed, Oct 03, 2001 at 07:34:26PM -0400, GNU Order wrote:
>
> > I don't know what NetBSD has but Linux has SYN cookies that
> > help against that kind of attack. It doesn't stop the attack
> > but it allows for new connections while you block the sources
> > of the attack.
>
> NetBSD actually has syn flood protection, in the form of a compressed
> state engine for passive TCP opens.
>
> I'm not sure why it's not helping in Laurence's case -- I have
> tested it w/ multiple 100Mb/s syn flood attackers.
>
> Perhaps the outside link is being saturated?
>
> --
> -- Jason R. Thorpe <thorpej@wasabisystems.com>
>