Detecting or mitigating syn-flood attacks

Norman Gray gray at
Mon Jul 26 20:00:21 UTC 2021

Arthur and Steve, hello.

On 26 Jul 2021, at 14:42, Steve O'Hara-Smith wrote:

> 	There's a paper on using syncache for the purpose:

Many thanks, both.

I'll read through that paper carefully, and see if, following Arthur's 
suggestion, there's a way of including net.inet.tcp.syncache.count in 
our monitoring (in particular to try to work out what value of 'count' 
counts as 'a lot').

I'll try to remember to report back here.

Best wishes,


Norman Gray  :

More information about the freebsd-questions mailing list