Detecting or mitigating syn-flood attacks
Norman Gray
gray at nxg.name
Mon Jul 26 20:00:21 UTC 2021
Arthur and Steve, hello.
On 26 Jul 2021, at 14:42, Steve O'Hara-Smith wrote:
> There's a paper on using syncache for the purpose:
Many thanks, both.
I'll read through that paper carefully, and see if, following Arthur's
suggestion, there's a way of including net.inet.tcp.syncache.count in
our monitoring (in particular to try to work out what value of 'count'
counts as 'a lot').
I'll try to remember to report back here.
Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk
More information about the freebsd-questions
mailing list