From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 16:51:28 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA26447 for ; Tue, 12 Oct 1999 16:51:27 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA07164 for tcp-impl-outgoing; Tue, 12 Oct 1999 13:08:54 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA07141 for ; Tue, 12 Oct 1999 13:08:47 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id KAA21415 for ; Tue, 12 Oct 1999 10:03:34 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 17:08:46 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id KAA13276; Tue, 12 Oct 1999 10:08:45 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id KAA22355; Tue, 12 Oct 1999 10:10:29 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id KAA02601; Tue, 12 Oct 1999 10:08:37 -0700 (PDT) Message-ID: <38036B15.351498D9@ascend.com> Date: Tue, 12 Oct 1999 10:08:37 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@lerc.nasa.gov, "liw@ascend.com" Subject: a question about SYN attack Content-Type: multipart/mixed; boundary="------------93350528E3080419D42BB84B" Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk This is a multi-part message in MIME format. --------------93350528E3080419D42BB84B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Folks: I want through the archive, and find out the summary about the SYN flood attack from David Borman. Unfortunately his summary(src) URL: ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) is not accessible anymore and his e-mail dab@bsdi.com can not be reached either. Is there an RFC for this problem ? Is there any solution (src) available ? Very appreciated your help. --------------93350528E3080419D42BB84B Content-Type: message/delivery-status; name="nsmail380369462220293" Content-Disposition: inline; filename="nsmail380369462220293" Content-Transfer-Encoding: 7bit Reporting-MTA: dns; drawbridge.ascend.com Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) Final-Recipient: RFC822; dab@bsdi.com Action: delayed Status: 4.4.1 Remote-MTA: DNS; relay.bsdi.com Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) --------------93350528E3080419D42BB84B Content-Type: message/rfc822; name="nsmail380369462230293" Content-Disposition: inline; filename="nsmail380369462230293" Return-Path: Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 01:24:20 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) Sender: liw@ascend.com Message-ID: <38028DC3.942B40B7@ascend.com> Date: Mon, 11 Oct 1999 18:24:19 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: dab@bsdi.com Subject: help Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi David: 2 years ago, you have the infamous syn attack resolved at: ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz Of course, the site is closed, could you point out the new site? or mail me the portion of the fix if possible. Thanks, -- Cheers William Li InterNetworking Systems, Lucent Technologies --------------93350528E3080419D42BB84B-- From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 18:05:35 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA27705 for ; Tue, 12 Oct 1999 18:05:34 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA23832 for tcp-impl-outgoing; Tue, 12 Oct 1999 15:01:44 -0400 (EDT) Received: from pneumatic-tube.sgi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA23822 for ; Tue, 12 Oct 1999 15:01:42 -0400 (EDT) Received: from cthulhu.engr.sgi.com (cthulhu.engr.sgi.com [192.26.80.2]) by pneumatic-tube.sgi.com (980327.SGI.8.8.8-aspam/980310.SGI-aspam) via ESMTP id MAA05731; Tue, 12 Oct 1999 12:02:16 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from clock.engr.sgi.com (clock.engr.sgi.com [150.166.75.10]) by cthulhu.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id MAA47612; Tue, 12 Oct 1999 12:01:39 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from engr.sgi.com (localhost [127.0.0.1]) by clock.engr.sgi.com (980427.SGI.8.8.8/980728.SGI.AUTOCF) via ESMTP id LAA08824; Tue, 12 Oct 1999 11:49:24 -0700 (PDT) Message-ID: <380382B4.79626C27@engr.sgi.com> Date: Tue, 12 Oct 1999 11:49:24 -0700 From: Zachary Amsden X-Mailer: Mozilla 4.61 [en] (X11; U; IRIX 6.5-ALPHA-1275863520 IP32) X-Accept-Language: en MIME-Version: 1.0 To: william Li CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit One discussion of SYN attacks is found below: ftp://koobera.math.uic.edu/www/syncookies/archive Zachary Amsden zamsden@engr.sgi.com william Li wrote: > > Hi Folks: > > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. > > Is there an RFC for this problem ? > Is there any solution (src) available ? > > Very appreciated your help. > From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 20:22:16 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA29134 for ; Tue, 12 Oct 1999 20:22:15 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA08978 for tcp-impl-outgoing; Tue, 12 Oct 1999 17:03:49 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA08972 for ; Tue, 12 Oct 1999 17:03:47 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id NAA24362; Tue, 12 Oct 1999 13:58:34 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 21:03:46 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id OAA08278; Tue, 12 Oct 1999 14:03:46 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id OAA02684; Tue, 12 Oct 1999 14:05:30 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id OAA02888; Tue, 12 Oct 1999 14:03:46 -0700 (PDT) Message-ID: <3803A231.2DA1E7D3@ascend.com> Date: Tue, 12 Oct 1999 14:03:45 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Zachary Amsden CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> <380382B4.79626C27@engr.sgi.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit This is the syn_cooky solusion. I believe that Vernon's random_drop solusion super-set this one. Does anyone have info about the radom_drop solusion ? Thanks, Zachary Amsden wrote: > > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com > > william Li wrote: > > > > Hi Folks: > > > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Cheers William Li InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 21:22:45 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA29627 for ; Tue, 12 Oct 1999 21:22:44 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA15335 for tcp-impl-outgoing; Tue, 12 Oct 1999 18:20:35 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA15331 for ; Tue, 12 Oct 1999 18:20:33 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id PAA16813; Tue, 12 Oct 1999 15:20:17 -0700 (PDT) Message-Id: <199910122220.PAA16813@lestat.nas.nasa.gov> To: Zachary Amsden Cc: william Li , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Tue, 12 Oct 1999 15:20:16 -0700 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Tue, 12 Oct 1999 11:49:24 -0700 Zachary Amsden wrote: > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com NetBSD also implements the Borman "SYN cache" (it's based on the original published BSDI diff, but has changed rather significantly since then). In NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS version, which was activated only when the system was under "attack"). Information on obtaining the NetBSD source code can be found at: http://www.netbsd.org/ > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 21:41:28 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA29894 for ; Tue, 12 Oct 1999 21:41:27 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA16413 for tcp-impl-outgoing; Tue, 12 Oct 1999 18:34:01 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA16405 for ; Tue, 12 Oct 1999 18:33:52 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA16639; Tue, 12 Oct 1999 16:32:59 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Tue, 12 Oct 1999 16:32:01 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA12137 for ; Tue, 12 Oct 1999 16:03:04 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA10691 for ; Tue, 12 Oct 1999 16:03:03 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA07164 for tcp-impl-outgoing; Tue, 12 Oct 1999 13:08:54 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA07141 for ; Tue, 12 Oct 1999 13:08:47 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id KAA21415 for ; Tue, 12 Oct 1999 10:03:34 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 17:08:46 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id KAA13276; Tue, 12 Oct 1999 10:08:45 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id KAA22355; Tue, 12 Oct 1999 10:10:29 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id KAA02601; Tue, 12 Oct 1999 10:08:37 -0700 (PDT) Message-ID: <38036B15.351498D9@ascend.com> Date: Tue, 12 Oct 1999 10:08:37 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@lerc.nasa.gov, "liw@ascend.com" Subject: a question about SYN attack Content-Type: multipart/mixed; boundary="------------93350528E3080419D42BB84B" X-UIDL: 66df026af0c5a8d4c4638a8054472840 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk This is a multi-part message in MIME format. --------------93350528E3080419D42BB84B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Folks: I want through the archive, and find out the summary about the SYN flood attack from David Borman. Unfortunately his summary(src) URL: ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) is not accessible anymore and his e-mail dab@bsdi.com can not be reached either. Is there an RFC for this problem ? Is there any solution (src) available ? Very appreciated your help. --------------93350528E3080419D42BB84B Content-Type: message/delivery-status; name="nsmail380369462220293" Content-Disposition: inline; filename="nsmail380369462220293" Content-Transfer-Encoding: 7bit Reporting-MTA: dns; drawbridge.ascend.com Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) Final-Recipient: RFC822; dab@bsdi.com Action: delayed Status: 4.4.1 Remote-MTA: DNS; relay.bsdi.com Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) --------------93350528E3080419D42BB84B Content-Type: message/rfc822; name="nsmail380369462230293" Content-Disposition: inline; filename="nsmail380369462230293" Return-Path: Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 01:24:20 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) Sender: liw@ascend.com Message-ID: <38028DC3.942B40B7@ascend.com> Date: Mon, 11 Oct 1999 18:24:19 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: dab@bsdi.com Subject: help Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi David: 2 years ago, you have the infamous syn attack resolved at: ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz Of course, the site is closed, could you point out the new site? or mail me the portion of the fix if possible. Thanks, -- Cheers William Li InterNetworking Systems, Lucent Technologies --------------93350528E3080419D42BB84B-- From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 22:09:58 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA01174 for ; Tue, 12 Oct 1999 22:09:57 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18082 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:01:14 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18018 for ; Tue, 12 Oct 1999 19:00:55 -0400 (EDT) Received: from mail.griff-co.com (3-2-14.slc.fiber.net [209.90.98.79]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA20691; Tue, 12 Oct 1999 17:00:50 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Tue, 12 Oct 1999 17:01:07 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA19062 for ; Tue, 12 Oct 1999 16:49:43 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA10917 for ; Tue, 12 Oct 1999 16:49:42 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA23832 for tcp-impl-outgoing; Tue, 12 Oct 1999 15:01:44 -0400 (EDT) Received: from pneumatic-tube.sgi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA23822 for ; Tue, 12 Oct 1999 15:01:42 -0400 (EDT) Received: from cthulhu.engr.sgi.com (cthulhu.engr.sgi.com [192.26.80.2]) by pneumatic-tube.sgi.com (980327.SGI.8.8.8-aspam/980310.SGI-aspam) via ESMTP id MAA05731; Tue, 12 Oct 1999 12:02:16 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from clock.engr.sgi.com (clock.engr.sgi.com [150.166.75.10]) by cthulhu.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id MAA47612; Tue, 12 Oct 1999 12:01:39 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from engr.sgi.com (localhost [127.0.0.1]) by clock.engr.sgi.com (980427.SGI.8.8.8/980728.SGI.AUTOCF) via ESMTP id LAA08824; Tue, 12 Oct 1999 11:49:24 -0700 (PDT) Message-ID: <380382B4.79626C27@engr.sgi.com> Date: Tue, 12 Oct 1999 11:49:24 -0700 From: Zachary Amsden X-Mailer: Mozilla 4.61 [en] (X11; U; IRIX 6.5-ALPHA-1275863520 IP32) X-Accept-Language: en MIME-Version: 1.0 To: william Li CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 85bed951f03dc7fa44bc428fbdef7b4e Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit One discussion of SYN attacks is found below: ftp://koobera.math.uic.edu/www/syncookies/archive Zachary Amsden zamsden@engr.sgi.com william Li wrote: > > Hi Folks: > > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. > > Is there an RFC for this problem ? > Is there any solution (src) available ? > > Very appreciated your help. > From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 22:12:25 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA01199 for ; Tue, 12 Oct 1999 22:12:23 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18622 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:09:52 -0400 (EDT) Received: from calcite.rhyolite.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18618 for ; Tue, 12 Oct 1999 19:09:50 -0400 (EDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.9.3/calcite) id RAA20851 for tcp-impl@lerc.nasa.gov env-from ; Tue, 12 Oct 1999 17:09:48 -0600 (MDT) Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) From: Vernon Schryver Message-Id: <199910122309.RAA20851@calcite.rhyolite.com> To: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > From: william Li > This is the syn_cooky solusion. I believe that > Vernon's random_drop solusion super-set this > one. Does anyone have info about the radom_drop > solusion ? I think the syn-cooky solution was different, and neither a super-set, sub-set, extension, or precursor of random-drop. I also don't like it. Exactly what is the question? Dave Borman's solution can be viewed as a superset of random drop. He switched to a hash table to find TCB's, something that everyone who deals with large numbers of sockets must do to avoid performance problems. He also changed things so that much less state is kept for each partly open connection. When that table overflowed, he picked an arbitrary, reasonably random connection to throw out of the table. That last bit of picking a random connection to give up on instead of either the classic 4.*BSD tactic of the newest connection or other systems' giving up on the oldest connection is crux of random-drop. Note that the idea of random-drop was suggested by a public note by Robert Morris Jr. Has something happened to BSDI? Is there any reason to think that their FTP site won't be back? I can't reach them either, but it looks more like a routing problem at about the nearest default free router from here than a corporate dissolution. Vernon Schryver vjs@rhyolite.com From owner-tcp-impl@lerc.nasa.gov Tue Oct 12 22:28:12 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA01256 for ; Tue, 12 Oct 1999 22:28:11 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA19143 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:21:00 -0400 (EDT) Received: from mailman.cisco.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA19139 for ; Tue, 12 Oct 1999 19:20:58 -0400 (EDT) Received: from bigger-dawgs ([171.70.114.134]) by mailman.cisco.com (8.8.8+Sun/CISCO.SERVER.1.2) with ESMTP id QAA27114; Tue, 12 Oct 1999 16:20:20 -0700 (PDT) Message-Id: <4.2.0.58.19991012191829.00978a50@lint.cisco.com> X-Sender: pferguso@lint.cisco.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Tue, 12 Oct 1999 19:20:11 -0400 To: william Li From: Paul Ferguson Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov, "liw@ascend.com" In-Reply-To: <38036B15.351498D9@ascend.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Please see: ftp://ftp.isi.edu/in-notes/rfc2267.txt and http://users.quadrunner.com/chuegen/smurf.txt - paul At 10:08 AM 10/12/1999 -0700, william Li wrote: >Hi Folks: > >I want through the archive, and find out the summary >about the SYN flood attack from David Borman. Unfortunately >his summary(src) URL: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > >is not accessible anymore and his e-mail dab@bsdi.com can >not be reached either. > >Is there an RFC for this problem ? >Is there any solution (src) available ? > >Very appreciated your help.Reporting-MTA: dns; drawbridge.ascend.com >Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) > >Final-Recipient: RFC822; dab@bsdi.com >Action: delayed >Status: 4.4.1 >Remote-MTA: DNS; relay.bsdi.com >Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) >Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) > >Return-Path: >Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) > by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 > for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) >Received: from russet.ascend.com by fw-ext.ascend.com > via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; > 12 Oct 1999 01:24:20 UT >Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) > by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) > by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 > for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) >Received: from ascend.com (localhost [127.0.0.1]) > by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Sender: liw@ascend.com >Message-ID: <38028DC3.942B40B7@ascend.com> >Date: Mon, 11 Oct 1999 18:24:19 -0700 >From: william Li >X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) >X-Accept-Language: en >MIME-Version: 1.0 >To: dab@bsdi.com >Subject: help >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit > >Hi David: > >2 years ago, you have the infamous syn attack >resolved at: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz > >Of course, the site is closed, could you >point out the new site? or mail me the >portion of the fix if possible. > >Thanks, >-- >Cheers > >William Li >InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 00:17:42 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA03592 for ; Wed, 13 Oct 1999 00:17:41 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA24748 for tcp-impl-outgoing; Tue, 12 Oct 1999 21:10:38 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA24744 for ; Tue, 12 Oct 1999 21:10:36 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19143; Tue, 12 Oct 1999 18:05:22 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 13 Oct 1999 01:10:35 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA18296; Tue, 12 Oct 1999 18:10:34 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA11772; Tue, 12 Oct 1999 18:12:18 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA03597; Tue, 12 Oct 1999 18:10:29 -0700 (PDT) Message-ID: <3803DC05.20081989@ascend.com> Date: Tue, 12 Oct 1999 18:10:29 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Vernon Schryver CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <199910122309.RAA20851@calcite.rhyolite.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit Thanks, Vernon. You answered my question with the following comment. BTW, netbsd has a syn_cache implementation: ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-1.4.1/source/ Vernon Schryver wrote: > > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 02:59:36 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA15657 for ; Wed, 13 Oct 1999 02:59:35 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA02578 for tcp-impl-outgoing; Tue, 12 Oct 1999 23:29:21 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA02490 for ; Tue, 12 Oct 1999 23:29:15 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id WAA05957; Tue, 12 Oct 1999 22:28:21 -0500 (CDT) Date: Tue, 12 Oct 1999 22:28:21 -0500 (CDT) From: David Borman Message-Id: <199910130328.WAA05957@frantic.bsdi.com> To: liw@ascend.com Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk William, > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. BSDI is back on the air, after a 2 day outage. Our ISP had a broken backbone between POPs, and we were on the wrong side. :-( Anyway, all of bsdi.com is now accessable again. For the time being, I've put a copy of the 44 SYN cache diffs up at: ftp://ftp.bsdi.com/private/44-syn-diffs.gz -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:39:44 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27574 for ; Wed, 13 Oct 1999 11:39:43 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01174 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:13:24 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01160 for ; Wed, 13 Oct 1999 08:13:22 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17498; Wed, 13 Oct 1999 06:13:19 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:36 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA21195 for ; Tue, 12 Oct 1999 21:37:56 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12633 for ; Tue, 12 Oct 1999 21:37:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA19143 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:21:00 -0400 (EDT) Received: from mailman.cisco.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA19139 for ; Tue, 12 Oct 1999 19:20:58 -0400 (EDT) Received: from bigger-dawgs ([171.70.114.134]) by mailman.cisco.com (8.8.8+Sun/CISCO.SERVER.1.2) with ESMTP id QAA27114; Tue, 12 Oct 1999 16:20:20 -0700 (PDT) Message-Id: <4.2.0.58.19991012191829.00978a50@lint.cisco.com> X-Sender: pferguso@lint.cisco.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Tue, 12 Oct 1999 19:20:11 -0400 To: william Li From: Paul Ferguson Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov, "liw@ascend.com" In-Reply-To: <38036B15.351498D9@ascend.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: f758b9ac9afca683296ed4b41b08dcd4 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Please see: ftp://ftp.isi.edu/in-notes/rfc2267.txt and http://users.quadrunner.com/chuegen/smurf.txt - paul At 10:08 AM 10/12/1999 -0700, william Li wrote: >Hi Folks: > >I want through the archive, and find out the summary >about the SYN flood attack from David Borman. Unfortunately >his summary(src) URL: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > >is not accessible anymore and his e-mail dab@bsdi.com can >not be reached either. > >Is there an RFC for this problem ? >Is there any solution (src) available ? > >Very appreciated your help.Reporting-MTA: dns; drawbridge.ascend.com >Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) > >Final-Recipient: RFC822; dab@bsdi.com >Action: delayed >Status: 4.4.1 >Remote-MTA: DNS; relay.bsdi.com >Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) >Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) > >Return-Path: >Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) > by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 > for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) >Received: from russet.ascend.com by fw-ext.ascend.com > via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; > 12 Oct 1999 01:24:20 UT >Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) > by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) > by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 > for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) >Received: from ascend.com (localhost [127.0.0.1]) > by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Sender: liw@ascend.com >Message-ID: <38028DC3.942B40B7@ascend.com> >Date: Mon, 11 Oct 1999 18:24:19 -0700 >From: william Li >X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) >X-Accept-Language: en >MIME-Version: 1.0 >To: dab@bsdi.com >Subject: help >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit > >Hi David: > >2 years ago, you have the infamous syn attack >resolved at: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz > >Of course, the site is closed, could you >point out the new site? or mail me the >portion of the fix if possible. > >Thanks, >-- >Cheers > >William Li >InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:39:48 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27585 for ; Wed, 13 Oct 1999 11:39:48 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01101 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:12:57 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01092 for ; Wed, 13 Oct 1999 08:12:53 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17417 for ; Wed, 13 Oct 1999 06:12:47 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:26 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA19949 for ; Tue, 12 Oct 1999 21:25:46 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12566 for ; Tue, 12 Oct 1999 21:25:45 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18622 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:09:52 -0400 (EDT) Received: from calcite.rhyolite.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18618 for ; Tue, 12 Oct 1999 19:09:50 -0400 (EDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.9.3/calcite) id RAA20851 for tcp-impl@lerc.nasa.gov env-from ; Tue, 12 Oct 1999 17:09:48 -0600 (MDT) Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) From: Vernon Schryver Message-Id: <199910122309.RAA20851@calcite.rhyolite.com> To: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack X-UIDL: c153c20dc6562d623f58315a0d9a3625 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > From: william Li > This is the syn_cooky solusion. I believe that > Vernon's random_drop solusion super-set this > one. Does anyone have info about the radom_drop > solusion ? I think the syn-cooky solution was different, and neither a super-set, sub-set, extension, or precursor of random-drop. I also don't like it. Exactly what is the question? Dave Borman's solution can be viewed as a superset of random drop. He switched to a hash table to find TCB's, something that everyone who deals with large numbers of sockets must do to avoid performance problems. He also changed things so that much less state is kept for each partly open connection. When that table overflowed, he picked an arbitrary, reasonably random connection to throw out of the table. That last bit of picking a random connection to give up on instead of either the classic 4.*BSD tactic of the newest connection or other systems' giving up on the oldest connection is crux of random-drop. Note that the idea of random-drop was suggested by a public note by Robert Morris Jr. Has something happened to BSDI? Is there any reason to think that their FTP site won't be back? I can't reach them either, but it looks more like a routing problem at about the nearest default free router from here than a corporate dissolution. Vernon Schryver vjs@rhyolite.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:40:20 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27603 for ; Wed, 13 Oct 1999 11:40:20 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01069 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:12:30 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01060 for ; Wed, 13 Oct 1999 08:12:27 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17369; Wed, 13 Oct 1999 06:12:16 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:17 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA18417 for ; Tue, 12 Oct 1999 21:12:29 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12477 for ; Tue, 12 Oct 1999 21:12:29 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18082 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:01:14 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18018 for ; Tue, 12 Oct 1999 19:00:55 -0400 (EDT) Received: from mail.griff-co.com (3-2-14.slc.fiber.net [209.90.98.79]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA20691; Tue, 12 Oct 1999 17:00:50 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Tue, 12 Oct 1999 17:01:07 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA19062 for ; Tue, 12 Oct 1999 16:49:43 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA10917 for ; Tue, 12 Oct 1999 16:49:42 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA23832 for tcp-impl-outgoing; Tue, 12 Oct 1999 15:01:44 -0400 (EDT) Received: from pneumatic-tube.sgi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA23822 for ; Tue, 12 Oct 1999 15:01:42 -0400 (EDT) Received: from cthulhu.engr.sgi.com (cthulhu.engr.sgi.com [192.26.80.2]) by pneumatic-tube.sgi.com (980327.SGI.8.8.8-aspam/980310.SGI-aspam) via ESMTP id MAA05731; Tue, 12 Oct 1999 12:02:16 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from clock.engr.sgi.com (clock.engr.sgi.com [150.166.75.10]) by cthulhu.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id MAA47612; Tue, 12 Oct 1999 12:01:39 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from engr.sgi.com (localhost [127.0.0.1]) by clock.engr.sgi.com (980427.SGI.8.8.8/980728.SGI.AUTOCF) via ESMTP id LAA08824; Tue, 12 Oct 1999 11:49:24 -0700 (PDT) Message-ID: <380382B4.79626C27@engr.sgi.com> Date: Tue, 12 Oct 1999 11:49:24 -0700 From: Zachary Amsden X-Mailer: Mozilla 4.61 [en] (X11; U; IRIX 6.5-ALPHA-1275863520 IP32) X-Accept-Language: en MIME-Version: 1.0 To: william Li CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 85bed951f03dc7fa44bc428fbdef7b4e Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit One discussion of SYN attacks is found below: ftp://koobera.math.uic.edu/www/syncookies/archive Zachary Amsden zamsden@engr.sgi.com william Li wrote: > > Hi Folks: > > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. > > Is there an RFC for this problem ? > Is there any solution (src) available ? > > Very appreciated your help. > From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:40:46 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27628 for ; Wed, 13 Oct 1999 11:40:45 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01468 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:15:22 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01454 for ; Wed, 13 Oct 1999 08:15:19 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17686; Wed, 13 Oct 1999 06:15:14 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:14:45 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id XAA02721 for ; Tue, 12 Oct 1999 23:32:53 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id XAA13200 for ; Tue, 12 Oct 1999 23:32:52 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA24748 for tcp-impl-outgoing; Tue, 12 Oct 1999 21:10:38 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA24744 for ; Tue, 12 Oct 1999 21:10:36 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19143; Tue, 12 Oct 1999 18:05:22 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 13 Oct 1999 01:10:35 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA18296; Tue, 12 Oct 1999 18:10:34 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA11772; Tue, 12 Oct 1999 18:12:18 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA03597; Tue, 12 Oct 1999 18:10:29 -0700 (PDT) Message-ID: <3803DC05.20081989@ascend.com> Date: Tue, 12 Oct 1999 18:10:29 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Vernon Schryver CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <199910122309.RAA20851@calcite.rhyolite.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: aaac407894223cc0e0184e26e7a4f34b Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit Thanks, Vernon. You answered my question with the following comment. BTW, netbsd has a syn_cache implementation: ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-1.4.1/source/ Vernon Schryver wrote: > > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:48:56 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27796 for ; Wed, 13 Oct 1999 11:48:55 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01041 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:12:14 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01023 for ; Wed, 13 Oct 1999 08:12:07 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17259; Wed, 13 Oct 1999 06:11:32 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:07 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA15068 for ; Tue, 12 Oct 1999 20:39:13 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA12300 for ; Tue, 12 Oct 1999 20:39:12 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA16413 for tcp-impl-outgoing; Tue, 12 Oct 1999 18:34:01 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA16405 for ; Tue, 12 Oct 1999 18:33:52 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA16639; Tue, 12 Oct 1999 16:32:59 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Tue, 12 Oct 1999 16:32:01 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA12137 for ; Tue, 12 Oct 1999 16:03:04 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA10691 for ; Tue, 12 Oct 1999 16:03:03 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA07164 for tcp-impl-outgoing; Tue, 12 Oct 1999 13:08:54 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA07141 for ; Tue, 12 Oct 1999 13:08:47 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id KAA21415 for ; Tue, 12 Oct 1999 10:03:34 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 17:08:46 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id KAA13276; Tue, 12 Oct 1999 10:08:45 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id KAA22355; Tue, 12 Oct 1999 10:10:29 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id KAA02601; Tue, 12 Oct 1999 10:08:37 -0700 (PDT) Message-ID: <38036B15.351498D9@ascend.com> Date: Tue, 12 Oct 1999 10:08:37 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@lerc.nasa.gov, "liw@ascend.com" Subject: a question about SYN attack Content-Type: multipart/mixed; boundary="------------93350528E3080419D42BB84B" X-UIDL: 66df026af0c5a8d4c4638a8054472840 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk This is a multi-part message in MIME format. --------------93350528E3080419D42BB84B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Folks: I want through the archive, and find out the summary about the SYN flood attack from David Borman. Unfortunately his summary(src) URL: ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) is not accessible anymore and his e-mail dab@bsdi.com can not be reached either. Is there an RFC for this problem ? Is there any solution (src) available ? Very appreciated your help. --------------93350528E3080419D42BB84B Content-Type: message/delivery-status; name="nsmail380369462220293" Content-Disposition: inline; filename="nsmail380369462220293" Content-Transfer-Encoding: 7bit Reporting-MTA: dns; drawbridge.ascend.com Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) Final-Recipient: RFC822; dab@bsdi.com Action: delayed Status: 4.4.1 Remote-MTA: DNS; relay.bsdi.com Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) --------------93350528E3080419D42BB84B Content-Type: message/rfc822; name="nsmail380369462230293" Content-Disposition: inline; filename="nsmail380369462230293" Return-Path: Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 01:24:20 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) Sender: liw@ascend.com Message-ID: <38028DC3.942B40B7@ascend.com> Date: Mon, 11 Oct 1999 18:24:19 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: dab@bsdi.com Subject: help Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi David: 2 years ago, you have the infamous syn attack resolved at: ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz Of course, the site is closed, could you point out the new site? or mail me the portion of the fix if possible. Thanks, -- Cheers William Li InterNetworking Systems, Lucent Technologies --------------93350528E3080419D42BB84B-- From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:50:55 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27842 for ; Wed, 13 Oct 1999 11:50:54 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA00567 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:07:59 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA00559 for ; Wed, 13 Oct 1999 08:07:55 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA16844; Wed, 13 Oct 1999 06:07:41 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:06:36 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA07404 for ; Tue, 12 Oct 1999 19:20:58 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id TAA11843 for ; Tue, 12 Oct 1999 19:20:57 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA08978 for tcp-impl-outgoing; Tue, 12 Oct 1999 17:03:49 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA08972 for ; Tue, 12 Oct 1999 17:03:47 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id NAA24362; Tue, 12 Oct 1999 13:58:34 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 21:03:46 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id OAA08278; Tue, 12 Oct 1999 14:03:46 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id OAA02684; Tue, 12 Oct 1999 14:05:30 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id OAA02888; Tue, 12 Oct 1999 14:03:46 -0700 (PDT) Message-ID: <3803A231.2DA1E7D3@ascend.com> Date: Tue, 12 Oct 1999 14:03:45 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Zachary Amsden CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> <380382B4.79626C27@engr.sgi.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 5c9ce1cb175d608f334c92dda63dfcac Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit This is the syn_cooky solusion. I believe that Vernon's random_drop solusion super-set this one. Does anyone have info about the radom_drop solusion ? Thanks, Zachary Amsden wrote: > > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com > > william Li wrote: > > > > Hi Folks: > > > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Cheers William Li InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 11:52:19 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27903 for ; Wed, 13 Oct 1999 11:52:17 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA00972 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:11:48 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA00958 for ; Wed, 13 Oct 1999 08:11:44 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17178; Wed, 13 Oct 1999 06:10:55 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:06:57 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA13240 for ; Tue, 12 Oct 1999 20:22:08 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA12207 for ; Tue, 12 Oct 1999 20:22:07 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA15335 for tcp-impl-outgoing; Tue, 12 Oct 1999 18:20:35 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA15331 for ; Tue, 12 Oct 1999 18:20:33 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id PAA16813; Tue, 12 Oct 1999 15:20:17 -0700 (PDT) Message-Id: <199910122220.PAA16813@lestat.nas.nasa.gov> To: Zachary Amsden Cc: william Li , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Tue, 12 Oct 1999 15:20:16 -0700 X-UIDL: 48f84ed1b5ac908cd2fb90d2a2c42269 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Tue, 12 Oct 1999 11:49:24 -0700 Zachary Amsden wrote: > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com NetBSD also implements the Borman "SYN cache" (it's based on the original published BSDI diff, but has changed rather significantly since then). In NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS version, which was activated only when the system was under "attack"). Information on obtaining the NetBSD source code can be found at: http://www.netbsd.org/ > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 16:28:09 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03577 for ; Wed, 13 Oct 1999 16:28:09 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA04357 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:06:58 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA04344 for ; Wed, 13 Oct 1999 12:06:55 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07632; Wed, 13 Oct 1999 11:06:54 -0500 (CDT) Date: Wed, 13 Oct 1999 11:06:54 -0500 (CDT) From: David Borman Message-Id: <199910131606.LAA07632@frantic.bsdi.com> To: tcp-impl@lerc.nasa.gov, vjs@calcite.rhyolite.com Subject: Re: a question about SYN attack Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) > From: Vernon Schryver > Subject: Re: a question about SYN attack > > > From: william Li > > > This is the syn_cooky solusion. I believe that > > Vernon's random_drop solusion super-set this > > one. Does anyone have info about the radom_drop > > solusion ? > > > I think the syn-cooky solution was different, and neither a super-set, > sub-set, extension, or precursor of random-drop. I also don't like it. Correct. The idea behind the syn-cookie is that when a SYN is received, send out the SYN/ACK, and forget about the connection. When the ACK is received, the connection is then created. But to avoid switching the SYN attack to an ACK attack, some magic encoding is done in the sequence number in the SYN/ACK, so that when the ACK is received, it can be verified whether or not it is in response to a SYN/ACK that we sent out. The issues with syn-cookies is how to do that encoding, and if you have to drop to a lower level of service due to lack of bits for encoding state information (like TCP window scale option). > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. Well, it's not exactly random drop. Each hash bucket has a limit, and the overall table has a limit. When we decide that we need to drop a connection due to either limit being exceeded, we drop the oldest connection on the hash bucket where we are trying to put the new connection. The hashing function is designed to be non-predictable (from the outside), so that there is a fairly good distribution across all the buckets. > Has something happened to BSDI? > ... No, other than our ISP had a 48 hour outage between POPs that knocked us off the net for 48 hours (compounded by anyone trying to call BSDI on Monday not being able to get anyone, since the main office was closed for Columbus Day.) -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 16:28:27 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03588 for ; Wed, 13 Oct 1999 16:28:27 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA05738 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:20:06 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA05732 for ; Wed, 13 Oct 1999 12:20:04 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07658; Wed, 13 Oct 1999 11:20:02 -0500 (CDT) Date: Wed, 13 Oct 1999 11:20:02 -0500 (CDT) From: David Borman Message-Id: <199910131620.LAA07658@frantic.bsdi.com> To: thorpej@nas.nasa.gov Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Subject: Re: a question about SYN attack > From: Jason Thorpe > Date: Tue, 12 Oct 1999 15:20:16 -0700 > > On Tue, 12 Oct 1999 11:49:24 -0700 > Zachary Amsden wrote: > > > One discussion of SYN attacks is found below: > > > > ftp://koobera.math.uic.edu/www/syncookies/archive > > > > Zachary Amsden > > zamsden@engr.sgi.com > > NetBSD also implements the Borman "SYN cache" (it's based on the original > published BSDI diff, but has changed rather significantly since then). In > NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS > version, which was activated only when the system was under "attack"). I don't agree with NetBSD's decision to push all connections through the SYN cache, as the SYN cache introduces a situation where valid connections won't be established. Specifically, we don't do retransmission of the SYN/ACK out of the SYN cache (since it is assumed that when we are under attack, retransmitting all the SYN/ACKs will take up a lot of extra cycles for which there will be no benifit). This means that if we respond with a SYN/ACK to a valid connection, the returning ACK gets lost, and there is no initial data coming from the client, then the connection hangs, since ACKs are not retransmitted. My view is that when we are under a SYN flood attack, we're willing to take the risk that some connections might hang, but when we are not under attack we want to be as robust as possible, meaning we do the SYN/ACK retransmissions as necessary. Has NetBSD done something to address this issue? -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 16:51:58 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA04125 for ; Wed, 13 Oct 1999 16:51:58 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA12857 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:14:47 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA12851 for ; Wed, 13 Oct 1999 13:14:44 -0400 (EDT) Received: from mail.griff-co.com (3-1-38.slc.fiber.net [209.90.98.39]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA28110; Wed, 13 Oct 1999 11:14:29 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 10:28:42 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id CAA24670 for ; Wed, 13 Oct 1999 02:13:39 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id CAA14019 for ; Wed, 13 Oct 1999 02:13:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA02578 for tcp-impl-outgoing; Tue, 12 Oct 1999 23:29:21 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA02490 for ; Tue, 12 Oct 1999 23:29:15 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id WAA05957; Tue, 12 Oct 1999 22:28:21 -0500 (CDT) Date: Tue, 12 Oct 1999 22:28:21 -0500 (CDT) From: David Borman Message-Id: <199910130328.WAA05957@frantic.bsdi.com> To: liw@ascend.com Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov X-UIDL: 8ead3c09c51a9d903e185ce9492a22c1 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk William, > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. BSDI is back on the air, after a 2 day outage. Our ISP had a broken backbone between POPs, and we were on the wrong side. :-( Anyway, all of bsdi.com is now accessable again. For the time being, I've put a copy of the 44 SYN cache diffs up at: ftp://ftp.bsdi.com/private/44-syn-diffs.gz -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 17:20:15 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04666 for ; Wed, 13 Oct 1999 17:20:15 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA16329 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:38:19 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA16324 for ; Wed, 13 Oct 1999 13:38:17 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id KAA27780; Wed, 13 Oct 1999 10:38:11 -0700 (PDT) Message-Id: <199910131738.KAA27780@lestat.nas.nasa.gov> To: David Borman Cc: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Wed, 13 Oct 1999 10:38:10 -0700 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Wed, 13 Oct 1999 11:20:02 -0500 (CDT) David Borman wrote: > I don't agree with NetBSD's decision to push all connections through > the SYN cache, as the SYN cache introduces a situation where valid > connections won't be established. Specifically, we don't do retransmission > of the SYN/ACK out of the SYN cache (since it is assumed that when we > are under attack, retransmitting all the SYN/ACKs will take up a lot of > extra cycles for which there will be no benifit). This means that if > we respond with a SYN/ACK to a valid connection, the returning ACK gets > lost, and there is no initial data coming from the client, then the > connection hangs, since ACKs are not retransmitted. [ ...snip... ] > Has NetBSD done something to address this issue? Yes. A while back I added logic to handle transient unreachable-errors and retransmit logic to the NetBSD SYN cache implementation. I'm pretty sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm not entirely certain, tho...) When we decided to push all connections through the SYN cache, it really helped clean up that code path; using both paths was quickly turning into a real maintenance headache. The net result (no pun intended :-) is that connections over a flaky network continue to get through, even while the machine is being flooded at a high rate. -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 17:50:41 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05017 for ; Wed, 13 Oct 1999 17:50:40 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA23593 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:31:13 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA23573 for ; Wed, 13 Oct 1999 14:31:04 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA21119; Wed, 13 Oct 1999 12:30:57 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:31:04 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA26981 for ; Wed, 13 Oct 1999 11:07:40 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id LAA21777 for ; Wed, 13 Oct 1999 11:07:35 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA00567 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:07:59 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA00559 for ; Wed, 13 Oct 1999 08:07:55 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA16844; Wed, 13 Oct 1999 06:07:41 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:06:36 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA07404 for ; Tue, 12 Oct 1999 19:20:58 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id TAA11843 for ; Tue, 12 Oct 1999 19:20:57 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA08978 for tcp-impl-outgoing; Tue, 12 Oct 1999 17:03:49 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA08972 for ; Tue, 12 Oct 1999 17:03:47 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id NAA24362; Tue, 12 Oct 1999 13:58:34 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 12 Oct 1999 21:03:46 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id OAA08278; Tue, 12 Oct 1999 14:03:46 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id OAA02684; Tue, 12 Oct 1999 14:05:30 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id OAA02888; Tue, 12 Oct 1999 14:03:46 -0700 (PDT) Message-ID: <3803A231.2DA1E7D3@ascend.com> Date: Tue, 12 Oct 1999 14:03:45 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Zachary Amsden CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> <380382B4.79626C27@engr.sgi.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 5c9ce1cb175d608f334c92dda63dfcac Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit This is the syn_cooky solusion. I believe that Vernon's random_drop solusion super-set this one. Does anyone have info about the radom_drop solusion ? Thanks, Zachary Amsden wrote: > > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com > > william Li wrote: > > > > Hi Folks: > > > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Cheers William Li InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 17:51:14 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05041 for ; Wed, 13 Oct 1999 17:51:13 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA22927 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:26:40 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA22923 for ; Wed, 13 Oct 1999 14:26:38 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20411; Wed, 13 Oct 1999 12:26:35 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:26:44 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id KAA23761 for ; Wed, 13 Oct 1999 10:48:41 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id KAA21603 for ; Wed, 13 Oct 1999 10:48:39 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01468 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:15:22 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01454 for ; Wed, 13 Oct 1999 08:15:19 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17686; Wed, 13 Oct 1999 06:15:14 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:14:45 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id XAA02721 for ; Tue, 12 Oct 1999 23:32:53 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id XAA13200 for ; Tue, 12 Oct 1999 23:32:52 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA24748 for tcp-impl-outgoing; Tue, 12 Oct 1999 21:10:38 -0400 (EDT) Received: from drawbridge.ascend.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA24744 for ; Tue, 12 Oct 1999 21:10:36 -0400 (EDT) Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19143; Tue, 12 Oct 1999 18:05:22 -0700 (PDT) Received: from russet.ascend.com by fw-ext.ascend.com via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; 13 Oct 1999 01:10:35 UT Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA18296; Tue, 12 Oct 1999 18:10:34 -0700 (PDT) Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA11772; Tue, 12 Oct 1999 18:12:18 -0700 (PDT) Received: from ascend.com (localhost [127.0.0.1]) by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA03597; Tue, 12 Oct 1999 18:10:29 -0700 (PDT) Message-ID: <3803DC05.20081989@ascend.com> Date: Tue, 12 Oct 1999 18:10:29 -0700 From: william Li X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: Vernon Schryver CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <199910122309.RAA20851@calcite.rhyolite.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: aaac407894223cc0e0184e26e7a4f34b Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit Thanks, Vernon. You answered my question with the following comment. BTW, netbsd has a syn_cache implementation: ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-1.4.1/source/ Vernon Schryver wrote: > > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 17:51:20 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05052 for ; Wed, 13 Oct 1999 17:51:20 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA23448 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:30:31 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA23440 for ; Wed, 13 Oct 1999 14:30:26 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20979; Wed, 13 Oct 1999 12:30:17 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:30:27 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA26879 for ; Wed, 13 Oct 1999 11:07:11 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id LAA21768 for ; Wed, 13 Oct 1999 11:07:04 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA00972 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:11:48 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA00958 for ; Wed, 13 Oct 1999 08:11:44 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17178; Wed, 13 Oct 1999 06:10:55 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:06:57 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA13240 for ; Tue, 12 Oct 1999 20:22:08 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA12207 for ; Tue, 12 Oct 1999 20:22:07 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA15335 for tcp-impl-outgoing; Tue, 12 Oct 1999 18:20:35 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA15331 for ; Tue, 12 Oct 1999 18:20:33 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id PAA16813; Tue, 12 Oct 1999 15:20:17 -0700 (PDT) Message-Id: <199910122220.PAA16813@lestat.nas.nasa.gov> To: Zachary Amsden Cc: william Li , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Tue, 12 Oct 1999 15:20:16 -0700 X-UIDL: 48f84ed1b5ac908cd2fb90d2a2c42269 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Tue, 12 Oct 1999 11:49:24 -0700 Zachary Amsden wrote: > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com NetBSD also implements the Borman "SYN cache" (it's based on the original published BSDI diff, but has changed rather significantly since then). In NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS version, which was activated only when the system was under "attack"). Information on obtaining the NetBSD source code can be found at: http://www.netbsd.org/ > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 17:54:36 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05094 for ; Wed, 13 Oct 1999 17:54:35 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA23341 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:29:45 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA23329 for ; Wed, 13 Oct 1999 14:29:43 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20864; Wed, 13 Oct 1999 12:29:37 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:29:47 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id KAA23990 for ; Wed, 13 Oct 1999 10:50:00 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id KAA21621 for ; Wed, 13 Oct 1999 10:49:59 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01069 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:12:30 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01060 for ; Wed, 13 Oct 1999 08:12:27 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17369; Wed, 13 Oct 1999 06:12:16 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:17 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA18417 for ; Tue, 12 Oct 1999 21:12:29 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12477 for ; Tue, 12 Oct 1999 21:12:29 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18082 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:01:14 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18018 for ; Tue, 12 Oct 1999 19:00:55 -0400 (EDT) Received: from mail.griff-co.com (3-2-14.slc.fiber.net [209.90.98.79]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA20691; Tue, 12 Oct 1999 17:00:50 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Tue, 12 Oct 1999 17:01:07 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA19062 for ; Tue, 12 Oct 1999 16:49:43 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA10917 for ; Tue, 12 Oct 1999 16:49:42 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA23832 for tcp-impl-outgoing; Tue, 12 Oct 1999 15:01:44 -0400 (EDT) Received: from pneumatic-tube.sgi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA23822 for ; Tue, 12 Oct 1999 15:01:42 -0400 (EDT) Received: from cthulhu.engr.sgi.com (cthulhu.engr.sgi.com [192.26.80.2]) by pneumatic-tube.sgi.com (980327.SGI.8.8.8-aspam/980310.SGI-aspam) via ESMTP id MAA05731; Tue, 12 Oct 1999 12:02:16 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from clock.engr.sgi.com (clock.engr.sgi.com [150.166.75.10]) by cthulhu.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id MAA47612; Tue, 12 Oct 1999 12:01:39 -0700 (PDT) mail_from (zamsden@cthulhu.engr.sgi.com) Received: from engr.sgi.com (localhost [127.0.0.1]) by clock.engr.sgi.com (980427.SGI.8.8.8/980728.SGI.AUTOCF) via ESMTP id LAA08824; Tue, 12 Oct 1999 11:49:24 -0700 (PDT) Message-ID: <380382B4.79626C27@engr.sgi.com> Date: Tue, 12 Oct 1999 11:49:24 -0700 From: Zachary Amsden X-Mailer: Mozilla 4.61 [en] (X11; U; IRIX 6.5-ALPHA-1275863520 IP32) X-Accept-Language: en MIME-Version: 1.0 To: william Li CC: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack References: <38036B15.351498D9@ascend.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 85bed951f03dc7fa44bc428fbdef7b4e Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit One discussion of SYN attacks is found below: ftp://koobera.math.uic.edu/www/syncookies/archive Zachary Amsden zamsden@engr.sgi.com william Li wrote: > > Hi Folks: > > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. > > Is there an RFC for this problem ? > Is there any solution (src) available ? > > Very appreciated your help. > From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 17:56:31 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05113 for ; Wed, 13 Oct 1999 17:56:30 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA22919 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:26:37 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA22897 for ; Wed, 13 Oct 1999 14:26:33 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20370 for ; Wed, 13 Oct 1999 12:26:23 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:26:33 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id KAA23763 for ; Wed, 13 Oct 1999 10:48:42 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id KAA21604 for ; Wed, 13 Oct 1999 10:48:40 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01101 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:12:57 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01092 for ; Wed, 13 Oct 1999 08:12:53 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17417 for ; Wed, 13 Oct 1999 06:12:47 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:26 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA19949 for ; Tue, 12 Oct 1999 21:25:46 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12566 for ; Tue, 12 Oct 1999 21:25:45 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18622 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:09:52 -0400 (EDT) Received: from calcite.rhyolite.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18618 for ; Tue, 12 Oct 1999 19:09:50 -0400 (EDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.9.3/calcite) id RAA20851 for tcp-impl@lerc.nasa.gov env-from ; Tue, 12 Oct 1999 17:09:48 -0600 (MDT) Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) From: Vernon Schryver Message-Id: <199910122309.RAA20851@calcite.rhyolite.com> To: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack X-UIDL: c153c20dc6562d623f58315a0d9a3625 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > From: william Li > This is the syn_cooky solusion. I believe that > Vernon's random_drop solusion super-set this > one. Does anyone have info about the radom_drop > solusion ? I think the syn-cooky solution was different, and neither a super-set, sub-set, extension, or precursor of random-drop. I also don't like it. Exactly what is the question? Dave Borman's solution can be viewed as a superset of random drop. He switched to a hash table to find TCB's, something that everyone who deals with large numbers of sockets must do to avoid performance problems. He also changed things so that much less state is kept for each partly open connection. When that table overflowed, he picked an arbitrary, reasonably random connection to throw out of the table. That last bit of picking a random connection to give up on instead of either the classic 4.*BSD tactic of the newest connection or other systems' giving up on the oldest connection is crux of random-drop. Note that the idea of random-drop was suggested by a public note by Robert Morris Jr. Has something happened to BSDI? Is there any reason to think that their FTP site won't be back? I can't reach them either, but it looks more like a routing problem at about the nearest default free router from here than a corporate dissolution. Vernon Schryver vjs@rhyolite.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 18:19:34 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA05305 for ; Wed, 13 Oct 1999 18:19:32 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA22982 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:27:06 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA22975 for ; Wed, 13 Oct 1999 14:27:04 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20428; Wed, 13 Oct 1999 12:26:43 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:26:52 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id KAA23903 for ; Wed, 13 Oct 1999 10:49:35 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id KAA21613 for ; Wed, 13 Oct 1999 10:49:34 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01174 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:13:24 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01160 for ; Wed, 13 Oct 1999 08:13:22 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17498; Wed, 13 Oct 1999 06:13:19 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:36 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA21195 for ; Tue, 12 Oct 1999 21:37:56 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12633 for ; Tue, 12 Oct 1999 21:37:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA19143 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:21:00 -0400 (EDT) Received: from mailman.cisco.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA19139 for ; Tue, 12 Oct 1999 19:20:58 -0400 (EDT) Received: from bigger-dawgs ([171.70.114.134]) by mailman.cisco.com (8.8.8+Sun/CISCO.SERVER.1.2) with ESMTP id QAA27114; Tue, 12 Oct 1999 16:20:20 -0700 (PDT) Message-Id: <4.2.0.58.19991012191829.00978a50@lint.cisco.com> X-Sender: pferguso@lint.cisco.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Tue, 12 Oct 1999 19:20:11 -0400 To: william Li From: Paul Ferguson Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov, "liw@ascend.com" In-Reply-To: <38036B15.351498D9@ascend.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: f758b9ac9afca683296ed4b41b08dcd4 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Please see: ftp://ftp.isi.edu/in-notes/rfc2267.txt and http://users.quadrunner.com/chuegen/smurf.txt - paul At 10:08 AM 10/12/1999 -0700, william Li wrote: >Hi Folks: > >I want through the archive, and find out the summary >about the SYN flood attack from David Borman. Unfortunately >his summary(src) URL: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > >is not accessible anymore and his e-mail dab@bsdi.com can >not be reached either. > >Is there an RFC for this problem ? >Is there any solution (src) available ? > >Very appreciated your help.Reporting-MTA: dns; drawbridge.ascend.com >Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) > >Final-Recipient: RFC822; dab@bsdi.com >Action: delayed >Status: 4.4.1 >Remote-MTA: DNS; relay.bsdi.com >Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) >Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) > >Return-Path: >Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) > by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 > for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) >Received: from russet.ascend.com by fw-ext.ascend.com > via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; > 12 Oct 1999 01:24:20 UT >Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) > by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) > by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 > for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) >Received: from ascend.com (localhost [127.0.0.1]) > by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Sender: liw@ascend.com >Message-ID: <38028DC3.942B40B7@ascend.com> >Date: Mon, 11 Oct 1999 18:24:19 -0700 >From: william Li >X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) >X-Accept-Language: en >MIME-Version: 1.0 >To: dab@bsdi.com >Subject: help >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit > >Hi David: > >2 years ago, you have the infamous syn attack >resolved at: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz > >Of course, the site is closed, could you >point out the new site? or mail me the >portion of the fix if possible. > >Thanks, >-- >Cheers > >William Li >InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 19:28:55 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA06247 for ; Wed, 13 Oct 1999 19:28:54 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA04896 for tcp-impl-outgoing; Wed, 13 Oct 1999 15:49:16 -0400 (EDT) Received: from cosrel1.hp.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA04877 for ; Wed, 13 Oct 1999 15:49:12 -0400 (EDT) Received: from loiter.cup.hp.com (root@loiter.cup.hp.com [15.8.80.103]) by cosrel1.hp.com (8.8.6 (PHNE_17135)/8.8.5tis) with ESMTP id NAA04456 for ; Wed, 13 Oct 1999 13:49:12 -0600 (MDT) Received: from cup.hp.com (raj@loiter [15.8.80.103]) by loiter.cup.hp.com with ESMTP (8.8.6/8.7.3 TIS Messaging 5.0) id MAA21624 for ; Wed, 13 Oct 1999 12:49:08 -0700 (PDT) Message-ID: <3804E234.8B4AB99F@cup.hp.com> Date: Wed, 13 Oct 1999 12:49:08 -0700 From: Rick Jones Organization: SNSL X-Mailer: Mozilla 4.6 [en] (X11; U; HP-UX B.10.20 9000/735) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@grc.nasa.gov Subject: queue limits for DSL and modems Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit does anyone have pointers to or data for queue limits in the downstream (ie towards the "user") direction for DSL links and/or dial-up modems? I'm looking for numbers to plug into a crude Streams port of dummynet. thanks, rick jones -- these opinions are mine, all mine; HP might not want them anyway... :) feel free to email, or post, but please do not do both... my email address is raj in the cup.hp.com domain... From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 21:22:04 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA07133 for ; Wed, 13 Oct 1999 21:22:03 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA18055 for tcp-impl-outgoing; Wed, 13 Oct 1999 17:57:27 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA18045 for ; Wed, 13 Oct 1999 17:57:22 -0400 (EDT) Received: from mail.griff-co.com (3-2-10.slc.fiber.net [209.90.98.75]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA25369; Wed, 13 Oct 1999 15:57:12 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 15:56:52 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23354 for ; Wed, 13 Oct 1999 15:46:26 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23965 for ; Wed, 13 Oct 1999 15:46:16 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA05738 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:20:06 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA05732 for ; Wed, 13 Oct 1999 12:20:04 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07658; Wed, 13 Oct 1999 11:20:02 -0500 (CDT) Date: Wed, 13 Oct 1999 11:20:02 -0500 (CDT) From: David Borman Message-Id: <199910131620.LAA07658@frantic.bsdi.com> To: thorpej@nas.nasa.gov Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov X-UIDL: f3cfa6983c548ed68e57dce72509e604 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Subject: Re: a question about SYN attack > From: Jason Thorpe > Date: Tue, 12 Oct 1999 15:20:16 -0700 > > On Tue, 12 Oct 1999 11:49:24 -0700 > Zachary Amsden wrote: > > > One discussion of SYN attacks is found below: > > > > ftp://koobera.math.uic.edu/www/syncookies/archive > > > > Zachary Amsden > > zamsden@engr.sgi.com > > NetBSD also implements the Borman "SYN cache" (it's based on the original > published BSDI diff, but has changed rather significantly since then). In > NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS > version, which was activated only when the system was under "attack"). I don't agree with NetBSD's decision to push all connections through the SYN cache, as the SYN cache introduces a situation where valid connections won't be established. Specifically, we don't do retransmission of the SYN/ACK out of the SYN cache (since it is assumed that when we are under attack, retransmitting all the SYN/ACKs will take up a lot of extra cycles for which there will be no benifit). This means that if we respond with a SYN/ACK to a valid connection, the returning ACK gets lost, and there is no initial data coming from the client, then the connection hangs, since ACKs are not retransmitted. My view is that when we are under a SYN flood attack, we're willing to take the risk that some connections might hang, but when we are not under attack we want to be as robust as possible, meaning we do the SYN/ACK retransmissions as necessary. Has NetBSD done something to address this issue? -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 21:23:57 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA07145 for ; Wed, 13 Oct 1999 21:23:56 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA18061 for tcp-impl-outgoing; Wed, 13 Oct 1999 17:57:34 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA18030 for ; Wed, 13 Oct 1999 17:57:14 -0400 (EDT) Received: from mail.griff-co.com (3-2-10.slc.fiber.net [209.90.98.75]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA25347; Wed, 13 Oct 1999 15:57:07 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 15:56:51 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23386 for ; Wed, 13 Oct 1999 15:46:32 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23969 for ; Wed, 13 Oct 1999 15:46:30 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA04357 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:06:58 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA04344 for ; Wed, 13 Oct 1999 12:06:55 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07632; Wed, 13 Oct 1999 11:06:54 -0500 (CDT) Date: Wed, 13 Oct 1999 11:06:54 -0500 (CDT) From: David Borman Message-Id: <199910131606.LAA07632@frantic.bsdi.com> To: tcp-impl@lerc.nasa.gov, vjs@calcite.rhyolite.com Subject: Re: a question about SYN attack X-UIDL: 7c7768200e87983ea3c6d68b4c2d3d94 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) > From: Vernon Schryver > Subject: Re: a question about SYN attack > > > From: william Li > > > This is the syn_cooky solusion. I believe that > > Vernon's random_drop solusion super-set this > > one. Does anyone have info about the radom_drop > > solusion ? > > > I think the syn-cooky solution was different, and neither a super-set, > sub-set, extension, or precursor of random-drop. I also don't like it. Correct. The idea behind the syn-cookie is that when a SYN is received, send out the SYN/ACK, and forget about the connection. When the ACK is received, the connection is then created. But to avoid switching the SYN attack to an ACK attack, some magic encoding is done in the sequence number in the SYN/ACK, so that when the ACK is received, it can be verified whether or not it is in response to a SYN/ACK that we sent out. The issues with syn-cookies is how to do that encoding, and if you have to drop to a lower level of service due to lack of bits for encoding state information (like TCP window scale option). > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. Well, it's not exactly random drop. Each hash bucket has a limit, and the overall table has a limit. When we decide that we need to drop a connection due to either limit being exceeded, we drop the oldest connection on the hash bucket where we are trying to put the new connection. The hashing function is designed to be non-predictable (from the outside), so that there is a fairly good distribution across all the buckets. > Has something happened to BSDI? > ... No, other than our ISP had a 48 hour outage between POPs that knocked us off the net for 48 hours (compounded by anyone trying to call BSDI on Monday not being able to get anyone, since the main office was closed for Columbus Day.) -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 22:07:10 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA08337 for ; Wed, 13 Oct 1999 22:07:09 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA21779 for tcp-impl-outgoing; Wed, 13 Oct 1999 18:45:22 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA21774 for ; Wed, 13 Oct 1999 18:45:20 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA03341; Wed, 13 Oct 1999 16:45:01 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 16:45:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA02800 for ; Wed, 13 Oct 1999 16:41:26 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA24384 for ; Wed, 13 Oct 1999 16:41:26 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA16329 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:38:19 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA16324 for ; Wed, 13 Oct 1999 13:38:17 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id KAA27780; Wed, 13 Oct 1999 10:38:11 -0700 (PDT) Message-Id: <199910131738.KAA27780@lestat.nas.nasa.gov> To: David Borman Cc: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Wed, 13 Oct 1999 10:38:10 -0700 X-UIDL: 992293b19505ad7a03310266cfc01bf7 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Wed, 13 Oct 1999 11:20:02 -0500 (CDT) David Borman wrote: > I don't agree with NetBSD's decision to push all connections through > the SYN cache, as the SYN cache introduces a situation where valid > connections won't be established. Specifically, we don't do retransmission > of the SYN/ACK out of the SYN cache (since it is assumed that when we > are under attack, retransmitting all the SYN/ACKs will take up a lot of > extra cycles for which there will be no benifit). This means that if > we respond with a SYN/ACK to a valid connection, the returning ACK gets > lost, and there is no initial data coming from the client, then the > connection hangs, since ACKs are not retransmitted. [ ...snip... ] > Has NetBSD done something to address this issue? Yes. A while back I added logic to handle transient unreachable-errors and retransmit logic to the NetBSD SYN cache implementation. I'm pretty sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm not entirely certain, tho...) When we decided to push all connections through the SYN cache, it really helped clean up that code path; using both paths was quickly turning into a real maintenance headache. The net result (no pun intended :-) is that connections over a flaky network continue to get through, even while the machine is being flooded at a high rate. -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 22:07:22 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA08348 for ; Wed, 13 Oct 1999 22:07:21 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA21385 for tcp-impl-outgoing; Wed, 13 Oct 1999 18:40:56 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA21366 for ; Wed, 13 Oct 1999 18:40:53 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA02640; Wed, 13 Oct 1999 16:40:48 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 16:41:00 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA26971 for ; Wed, 13 Oct 1999 16:06:01 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA24129 for ; Wed, 13 Oct 1999 16:05:55 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA12857 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:14:47 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA12851 for ; Wed, 13 Oct 1999 13:14:44 -0400 (EDT) Received: from mail.griff-co.com (3-1-38.slc.fiber.net [209.90.98.39]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA28110; Wed, 13 Oct 1999 11:14:29 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 10:28:42 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id CAA24670 for ; Wed, 13 Oct 1999 02:13:39 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id CAA14019 for ; Wed, 13 Oct 1999 02:13:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA02578 for tcp-impl-outgoing; Tue, 12 Oct 1999 23:29:21 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA02490 for ; Tue, 12 Oct 1999 23:29:15 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id WAA05957; Tue, 12 Oct 1999 22:28:21 -0500 (CDT) Date: Tue, 12 Oct 1999 22:28:21 -0500 (CDT) From: David Borman Message-Id: <199910130328.WAA05957@frantic.bsdi.com> To: liw@ascend.com Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov X-UIDL: 8ead3c09c51a9d903e185ce9492a22c1 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk William, > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. BSDI is back on the air, after a 2 day outage. Our ISP had a broken backbone between POPs, and we were on the wrong side. :-( Anyway, all of bsdi.com is now accessable again. For the time being, I've put a copy of the 44 SYN cache diffs up at: ftp://ftp.bsdi.com/private/44-syn-diffs.gz -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 22:31:32 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA08913 for ; Wed, 13 Oct 1999 22:31:31 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA23507 for tcp-impl-outgoing; Wed, 13 Oct 1999 19:15:38 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA23486 for ; Wed, 13 Oct 1999 19:15:31 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA07739 for ; Wed, 13 Oct 1999 17:15:27 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 17:15:24 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA07619 for ; Wed, 13 Oct 1999 17:14:36 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id RAA24612 for ; Wed, 13 Oct 1999 17:14:35 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA22919 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:26:37 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA22897 for ; Wed, 13 Oct 1999 14:26:33 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20370 for ; Wed, 13 Oct 1999 12:26:23 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:26:33 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id KAA23763 for ; Wed, 13 Oct 1999 10:48:42 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id KAA21604 for ; Wed, 13 Oct 1999 10:48:40 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01101 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:12:57 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01092 for ; Wed, 13 Oct 1999 08:12:53 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17417 for ; Wed, 13 Oct 1999 06:12:47 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:26 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA19949 for ; Tue, 12 Oct 1999 21:25:46 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12566 for ; Tue, 12 Oct 1999 21:25:45 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA18622 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:09:52 -0400 (EDT) Received: from calcite.rhyolite.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA18618 for ; Tue, 12 Oct 1999 19:09:50 -0400 (EDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.9.3/calcite) id RAA20851 for tcp-impl@lerc.nasa.gov env-from ; Tue, 12 Oct 1999 17:09:48 -0600 (MDT) Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) From: Vernon Schryver Message-Id: <199910122309.RAA20851@calcite.rhyolite.com> To: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack X-UIDL: c153c20dc6562d623f58315a0d9a3625 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > From: william Li > This is the syn_cooky solusion. I believe that > Vernon's random_drop solusion super-set this > one. Does anyone have info about the radom_drop > solusion ? I think the syn-cooky solution was different, and neither a super-set, sub-set, extension, or precursor of random-drop. I also don't like it. Exactly what is the question? Dave Borman's solution can be viewed as a superset of random drop. He switched to a hash table to find TCB's, something that everyone who deals with large numbers of sockets must do to avoid performance problems. He also changed things so that much less state is kept for each partly open connection. When that table overflowed, he picked an arbitrary, reasonably random connection to throw out of the table. That last bit of picking a random connection to give up on instead of either the classic 4.*BSD tactic of the newest connection or other systems' giving up on the oldest connection is crux of random-drop. Note that the idea of random-drop was suggested by a public note by Robert Morris Jr. Has something happened to BSDI? Is there any reason to think that their FTP site won't be back? I can't reach them either, but it looks more like a routing problem at about the nearest default free router from here than a corporate dissolution. Vernon Schryver vjs@rhyolite.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 22:31:42 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA08963 for ; Wed, 13 Oct 1999 22:31:41 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA23487 for tcp-impl-outgoing; Wed, 13 Oct 1999 19:15:31 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA23478 for ; Wed, 13 Oct 1999 19:15:27 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA07724; Wed, 13 Oct 1999 17:15:20 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 17:15:21 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA07474 for ; Wed, 13 Oct 1999 17:13:05 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id RAA24607 for ; Wed, 13 Oct 1999 17:13:03 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA23448 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:30:31 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA23440 for ; Wed, 13 Oct 1999 14:30:26 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20979; Wed, 13 Oct 1999 12:30:17 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:30:27 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA26879 for ; Wed, 13 Oct 1999 11:07:11 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id LAA21768 for ; Wed, 13 Oct 1999 11:07:04 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA00972 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:11:48 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA00958 for ; Wed, 13 Oct 1999 08:11:44 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17178; Wed, 13 Oct 1999 06:10:55 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:06:57 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA13240 for ; Tue, 12 Oct 1999 20:22:08 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA12207 for ; Tue, 12 Oct 1999 20:22:07 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA15335 for tcp-impl-outgoing; Tue, 12 Oct 1999 18:20:35 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA15331 for ; Tue, 12 Oct 1999 18:20:33 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id PAA16813; Tue, 12 Oct 1999 15:20:17 -0700 (PDT) Message-Id: <199910122220.PAA16813@lestat.nas.nasa.gov> To: Zachary Amsden Cc: william Li , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Tue, 12 Oct 1999 15:20:16 -0700 X-UIDL: 48f84ed1b5ac908cd2fb90d2a2c42269 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Tue, 12 Oct 1999 11:49:24 -0700 Zachary Amsden wrote: > One discussion of SYN attacks is found below: > > ftp://koobera.math.uic.edu/www/syncookies/archive > > Zachary Amsden > zamsden@engr.sgi.com NetBSD also implements the Borman "SYN cache" (it's based on the original published BSDI diff, but has changed rather significantly since then). In NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS version, which was activated only when the system was under "attack"). Information on obtaining the NetBSD source code can be found at: http://www.netbsd.org/ > > I want through the archive, and find out the summary > > about the SYN flood attack from David Borman. Unfortunately > > his summary(src) URL: > > > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > > > is not accessible anymore and his e-mail dab@bsdi.com can > > not be reached either. > > > > Is there an RFC for this problem ? > > Is there any solution (src) available ? > > > > Very appreciated your help. > > -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Wed Oct 13 22:45:58 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA09702 for ; Wed, 13 Oct 1999 22:45:57 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA24468 for tcp-impl-outgoing; Wed, 13 Oct 1999 19:35:32 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA24463 for ; Wed, 13 Oct 1999 19:35:26 -0400 (EDT) Received: from mail.griff-co.com (3-1-40.slc.fiber.net [209.90.98.41]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA10342; Wed, 13 Oct 1999 17:35:14 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 17:35:16 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id RAA10290 for ; Wed, 13 Oct 1999 17:34:50 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id RAA24759 for ; Wed, 13 Oct 1999 17:34:49 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA22982 for tcp-impl-outgoing; Wed, 13 Oct 1999 14:27:06 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA22975 for ; Wed, 13 Oct 1999 14:27:04 -0400 (EDT) Received: from mail.griff-co.com (3-2-22.slc.fiber.net [209.90.98.87]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id MAA20428; Wed, 13 Oct 1999 12:26:43 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 12:26:52 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id KAA23903 for ; Wed, 13 Oct 1999 10:49:35 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id KAA21613 for ; Wed, 13 Oct 1999 10:49:34 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA01174 for tcp-impl-outgoing; Wed, 13 Oct 1999 08:13:24 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA01160 for ; Wed, 13 Oct 1999 08:13:22 -0400 (EDT) Received: from mail.griff-co.com (3-1-4.slc.fiber.net [209.90.98.5]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id GAA17498; Wed, 13 Oct 1999 06:13:19 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 06:07:36 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA21195 for ; Tue, 12 Oct 1999 21:37:56 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA12633 for ; Tue, 12 Oct 1999 21:37:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id TAA19143 for tcp-impl-outgoing; Tue, 12 Oct 1999 19:21:00 -0400 (EDT) Received: from mailman.cisco.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id TAA19139 for ; Tue, 12 Oct 1999 19:20:58 -0400 (EDT) Received: from bigger-dawgs ([171.70.114.134]) by mailman.cisco.com (8.8.8+Sun/CISCO.SERVER.1.2) with ESMTP id QAA27114; Tue, 12 Oct 1999 16:20:20 -0700 (PDT) Message-Id: <4.2.0.58.19991012191829.00978a50@lint.cisco.com> X-Sender: pferguso@lint.cisco.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Tue, 12 Oct 1999 19:20:11 -0400 To: william Li From: Paul Ferguson Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov, "liw@ascend.com" In-Reply-To: <38036B15.351498D9@ascend.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: f758b9ac9afca683296ed4b41b08dcd4 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Please see: ftp://ftp.isi.edu/in-notes/rfc2267.txt and http://users.quadrunner.com/chuegen/smurf.txt - paul At 10:08 AM 10/12/1999 -0700, william Li wrote: >Hi Folks: > >I want through the archive, and find out the summary >about the SYN flood attack from David Borman. Unfortunately >his summary(src) URL: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > >is not accessible anymore and his e-mail dab@bsdi.com can >not be reached either. > >Is there an RFC for this problem ? >Is there any solution (src) available ? > >Very appreciated your help.Reporting-MTA: dns; drawbridge.ascend.com >Arrival-Date: Mon, 11 Oct 1999 18:19:08 -0700 (PDT) > >Final-Recipient: RFC822; dab@bsdi.com >Action: delayed >Status: 4.4.1 >Remote-MTA: DNS; relay.bsdi.com >Last-Attempt-Date: Mon, 11 Oct 1999 22:28:48 -0700 (PDT) >Will-Retry-Until: Sat, 16 Oct 1999 18:19:08 -0700 (PDT) > >Return-Path: >Received: from fw-ext.ascend.com (fw-ext [198.4.92.5]) > by drawbridge.ascend.com (8.9.1a/8.9.1) with SMTP id SAA19237 > for ; Mon, 11 Oct 1999 18:19:08 -0700 (PDT) >Received: from russet.ascend.com by fw-ext.ascend.com > via smtpd (for drawbridge.ascend.com [198.4.92.1]) with SMTP; > 12 Oct 1999 01:24:20 UT >Received: from wopr.eng.ascend.com (wopr.eng.ascend.com [206.65.212.178]) > by russet.ascend.com (8.9.1a/8.9.1) with ESMTP id SAA28353 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Received: from wli-sun.eng.ascend.com (wli-sun.eng.ascend.com [10.40.40.132]) > by wopr.eng.ascend.com (8.9.1/8.9.1) with ESMTP id SAA07477 > for ; Mon, 11 Oct 1999 18:26:03 -0700 (PDT) >Received: from ascend.com (localhost [127.0.0.1]) > by wli-sun.eng.ascend.com (8.8.8+Sun/8.8.8) with ESMTP id SAA01504 > for ; Mon, 11 Oct 1999 18:24:19 -0700 (PDT) >Sender: liw@ascend.com >Message-ID: <38028DC3.942B40B7@ascend.com> >Date: Mon, 11 Oct 1999 18:24:19 -0700 >From: william Li >X-Mailer: Mozilla 4.6 [en] (X11; I; SunOS 5.6 sun4u) >X-Accept-Language: en >MIME-Version: 1.0 >To: dab@bsdi.com >Subject: help >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit > >Hi David: > >2 years ago, you have the infamous syn attack >resolved at: > >ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz > >Of course, the site is closed, could you >point out the new site? or mail me the >portion of the fix if possible. > >Thanks, >-- >Cheers > >William Li >InterNetworking Systems, Lucent Technologies From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 00:49:37 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA11316 for ; Thu, 14 Oct 1999 00:49:36 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA29707 for tcp-impl-outgoing; Wed, 13 Oct 1999 21:35:18 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA29686 for ; Wed, 13 Oct 1999 21:35:16 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA23524 for ; Wed, 13 Oct 1999 19:35:02 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 19:35:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA23193 for ; Wed, 13 Oct 1999 19:31:40 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id TAA25360 for ; Wed, 13 Oct 1999 19:31:39 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA04896 for tcp-impl-outgoing; Wed, 13 Oct 1999 15:49:16 -0400 (EDT) Received: from cosrel1.hp.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA04877 for ; Wed, 13 Oct 1999 15:49:12 -0400 (EDT) Received: from loiter.cup.hp.com (root@loiter.cup.hp.com [15.8.80.103]) by cosrel1.hp.com (8.8.6 (PHNE_17135)/8.8.5tis) with ESMTP id NAA04456 for ; Wed, 13 Oct 1999 13:49:12 -0600 (MDT) Received: from cup.hp.com (raj@loiter [15.8.80.103]) by loiter.cup.hp.com with ESMTP (8.8.6/8.7.3 TIS Messaging 5.0) id MAA21624 for ; Wed, 13 Oct 1999 12:49:08 -0700 (PDT) Message-ID: <3804E234.8B4AB99F@cup.hp.com> Date: Wed, 13 Oct 1999 12:49:08 -0700 From: Rick Jones Organization: SNSL X-Mailer: Mozilla 4.6 [en] (X11; U; HP-UX B.10.20 9000/735) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@grc.nasa.gov Subject: queue limits for DSL and modems Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 1acb00baf8ec01aee770cd8d240c91ac Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit does anyone have pointers to or data for queue limits in the downstream (ie towards the "user") direction for DSL links and/or dial-up modems? I'm looking for numbers to plug into a crude Streams port of dummynet. thanks, rick jones -- these opinions are mine, all mine; HP might not want them anyway... :) feel free to email, or post, but please do not do both... my email address is raj in the cup.hp.com domain... From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 01:50:39 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16424 for ; Thu, 14 Oct 1999 01:50:36 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA02124 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:25:26 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA02110 for ; Wed, 13 Oct 1999 22:25:24 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA28674; Wed, 13 Oct 1999 20:25:15 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 20:25:16 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA28538 for ; Wed, 13 Oct 1999 20:23:46 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA25604 for ; Wed, 13 Oct 1999 20:23:15 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA18055 for tcp-impl-outgoing; Wed, 13 Oct 1999 17:57:27 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA18045 for ; Wed, 13 Oct 1999 17:57:22 -0400 (EDT) Received: from mail.griff-co.com (3-2-10.slc.fiber.net [209.90.98.75]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA25369; Wed, 13 Oct 1999 15:57:12 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 15:56:52 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23354 for ; Wed, 13 Oct 1999 15:46:26 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23965 for ; Wed, 13 Oct 1999 15:46:16 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA05738 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:20:06 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA05732 for ; Wed, 13 Oct 1999 12:20:04 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07658; Wed, 13 Oct 1999 11:20:02 -0500 (CDT) Date: Wed, 13 Oct 1999 11:20:02 -0500 (CDT) From: David Borman Message-Id: <199910131620.LAA07658@frantic.bsdi.com> To: thorpej@nas.nasa.gov Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov X-UIDL: f3cfa6983c548ed68e57dce72509e604 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Subject: Re: a question about SYN attack > From: Jason Thorpe > Date: Tue, 12 Oct 1999 15:20:16 -0700 > > On Tue, 12 Oct 1999 11:49:24 -0700 > Zachary Amsden wrote: > > > One discussion of SYN attacks is found below: > > > > ftp://koobera.math.uic.edu/www/syncookies/archive > > > > Zachary Amsden > > zamsden@engr.sgi.com > > NetBSD also implements the Borman "SYN cache" (it's based on the original > published BSDI diff, but has changed rather significantly since then). In > NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS > version, which was activated only when the system was under "attack"). I don't agree with NetBSD's decision to push all connections through the SYN cache, as the SYN cache introduces a situation where valid connections won't be established. Specifically, we don't do retransmission of the SYN/ACK out of the SYN cache (since it is assumed that when we are under attack, retransmitting all the SYN/ACKs will take up a lot of extra cycles for which there will be no benifit). This means that if we respond with a SYN/ACK to a valid connection, the returning ACK gets lost, and there is no initial data coming from the client, then the connection hangs, since ACKs are not retransmitted. My view is that when we are under a SYN flood attack, we're willing to take the risk that some connections might hang, but when we are not under attack we want to be as robust as possible, meaning we do the SYN/ACK retransmissions as necessary. Has NetBSD done something to address this issue? -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 01:52:14 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16438 for ; Thu, 14 Oct 1999 01:52:14 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA02623 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:37:24 -0400 (EDT) Received: from stovokor.epilogue.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA02619 for ; Wed, 13 Oct 1999 22:37:23 -0400 (EDT) Received: from localhost.epilogue.com ([127.0.0.1]:13835 "EHLO epilogue.com" ident: "IDENT-NOT-QUERIED [port 13835]") by stovokor.epilogue.com with ESMTP id <7777-195>; Wed, 13 Oct 1999 22:37:11 -0400 To: Jason Thorpe cc: David Borman , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack In-reply-to: Your message of "Wed, 13 Oct 1999 10:38:10 PDT." <199910131738.KAA27780@lestat.nas.nasa.gov> Date: Wed, 13 Oct 1999 22:37:11 -0400 From: Bill Sommerfeld Message-Id: <19991014023718Z7777-195+2377@stovokor.epilogue.com> Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Yes. A while back I added logic to handle transient unreachable-errors > and retransmit logic to the NetBSD SYN cache implementation. I'm pretty > sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm > not entirely certain, tho...) It was definitely in 1.4 .. it got pulled onto the release branch shortly before the release. - Bill From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 01:52:35 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16449 for ; Thu, 14 Oct 1999 01:52:35 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA01905 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:20:26 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA01897 for ; Wed, 13 Oct 1999 22:20:17 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA28133; Wed, 13 Oct 1999 20:20:02 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 20:20:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA27706 for ; Wed, 13 Oct 1999 20:15:17 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA25567 for ; Wed, 13 Oct 1999 20:15:12 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA18061 for tcp-impl-outgoing; Wed, 13 Oct 1999 17:57:34 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA18030 for ; Wed, 13 Oct 1999 17:57:14 -0400 (EDT) Received: from mail.griff-co.com (3-2-10.slc.fiber.net [209.90.98.75]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA25347; Wed, 13 Oct 1999 15:57:07 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 15:56:51 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23386 for ; Wed, 13 Oct 1999 15:46:32 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23969 for ; Wed, 13 Oct 1999 15:46:30 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA04357 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:06:58 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA04344 for ; Wed, 13 Oct 1999 12:06:55 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07632; Wed, 13 Oct 1999 11:06:54 -0500 (CDT) Date: Wed, 13 Oct 1999 11:06:54 -0500 (CDT) From: David Borman Message-Id: <199910131606.LAA07632@frantic.bsdi.com> To: tcp-impl@lerc.nasa.gov, vjs@calcite.rhyolite.com Subject: Re: a question about SYN attack X-UIDL: 7c7768200e87983ea3c6d68b4c2d3d94 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) > From: Vernon Schryver > Subject: Re: a question about SYN attack > > > From: william Li > > > This is the syn_cooky solusion. I believe that > > Vernon's random_drop solusion super-set this > > one. Does anyone have info about the radom_drop > > solusion ? > > > I think the syn-cooky solution was different, and neither a super-set, > sub-set, extension, or precursor of random-drop. I also don't like it. Correct. The idea behind the syn-cookie is that when a SYN is received, send out the SYN/ACK, and forget about the connection. When the ACK is received, the connection is then created. But to avoid switching the SYN attack to an ACK attack, some magic encoding is done in the sequence number in the SYN/ACK, so that when the ACK is received, it can be verified whether or not it is in response to a SYN/ACK that we sent out. The issues with syn-cookies is how to do that encoding, and if you have to drop to a lower level of service due to lack of bits for encoding state information (like TCP window scale option). > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. Well, it's not exactly random drop. Each hash bucket has a limit, and the overall table has a limit. When we decide that we need to drop a connection due to either limit being exceeded, we drop the oldest connection on the hash bucket where we are trying to put the new connection. The hashing function is designed to be non-predictable (from the outside), so that there is a fairly good distribution across all the buckets. > Has something happened to BSDI? > ... No, other than our ISP had a 48 hour outage between POPs that knocked us off the net for 48 hours (compounded by anyone trying to call BSDI on Monday not being able to get anyone, since the main office was closed for Columbus Day.) -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 03:36:19 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23083 for ; Thu, 14 Oct 1999 03:36:19 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA05554 for tcp-impl-outgoing; Wed, 13 Oct 1999 23:55:49 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA05545 for ; Wed, 13 Oct 1999 23:55:47 -0400 (EDT) Received: from mail.griff-co.com (3-2-3.slc.fiber.net [209.90.98.68]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA08415; Wed, 13 Oct 1999 21:55:43 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 21:55:53 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA04404 for ; Wed, 13 Oct 1999 21:19:02 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA25838 for ; Wed, 13 Oct 1999 21:19:01 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA21779 for tcp-impl-outgoing; Wed, 13 Oct 1999 18:45:22 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA21774 for ; Wed, 13 Oct 1999 18:45:20 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA03341; Wed, 13 Oct 1999 16:45:01 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 16:45:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA02800 for ; Wed, 13 Oct 1999 16:41:26 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA24384 for ; Wed, 13 Oct 1999 16:41:26 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA16329 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:38:19 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA16324 for ; Wed, 13 Oct 1999 13:38:17 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id KAA27780; Wed, 13 Oct 1999 10:38:11 -0700 (PDT) Message-Id: <199910131738.KAA27780@lestat.nas.nasa.gov> To: David Borman Cc: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Wed, 13 Oct 1999 10:38:10 -0700 X-UIDL: 992293b19505ad7a03310266cfc01bf7 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Wed, 13 Oct 1999 11:20:02 -0500 (CDT) David Borman wrote: > I don't agree with NetBSD's decision to push all connections through > the SYN cache, as the SYN cache introduces a situation where valid > connections won't be established. Specifically, we don't do retransmission > of the SYN/ACK out of the SYN cache (since it is assumed that when we > are under attack, retransmitting all the SYN/ACKs will take up a lot of > extra cycles for which there will be no benifit). This means that if > we respond with a SYN/ACK to a valid connection, the returning ACK gets > lost, and there is no initial data coming from the client, then the > connection hangs, since ACKs are not retransmitted. [ ...snip... ] > Has NetBSD done something to address this issue? Yes. A while back I added logic to handle transient unreachable-errors and retransmit logic to the NetBSD SYN cache implementation. I'm pretty sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm not entirely certain, tho...) When we decided to push all connections through the SYN cache, it really helped clean up that code path; using both paths was quickly turning into a real maintenance headache. The net result (no pun intended :-) is that connections over a flaky network continue to get through, even while the machine is being flooded at a high rate. -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 03:52:28 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23190 for ; Thu, 14 Oct 1999 03:52:27 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id AAA06154 for tcp-impl-outgoing; Thu, 14 Oct 1999 00:10:20 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id AAA06150 for ; Thu, 14 Oct 1999 00:10:17 -0400 (EDT) Received: from mail.griff-co.com (3-2-8.slc.fiber.net [209.90.98.73]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id WAA09801; Wed, 13 Oct 1999 22:10:14 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 22:10:14 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id WAA09592 for ; Wed, 13 Oct 1999 22:07:38 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id WAA26060 for ; Wed, 13 Oct 1999 22:07:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA21385 for tcp-impl-outgoing; Wed, 13 Oct 1999 18:40:56 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA21366 for ; Wed, 13 Oct 1999 18:40:53 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA02640; Wed, 13 Oct 1999 16:40:48 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 16:41:00 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA26971 for ; Wed, 13 Oct 1999 16:06:01 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA24129 for ; Wed, 13 Oct 1999 16:05:55 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA12857 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:14:47 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA12851 for ; Wed, 13 Oct 1999 13:14:44 -0400 (EDT) Received: from mail.griff-co.com (3-1-38.slc.fiber.net [209.90.98.39]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA28110; Wed, 13 Oct 1999 11:14:29 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 10:28:42 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id CAA24670 for ; Wed, 13 Oct 1999 02:13:39 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id CAA14019 for ; Wed, 13 Oct 1999 02:13:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA02578 for tcp-impl-outgoing; Tue, 12 Oct 1999 23:29:21 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA02490 for ; Tue, 12 Oct 1999 23:29:15 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id WAA05957; Tue, 12 Oct 1999 22:28:21 -0500 (CDT) Date: Tue, 12 Oct 1999 22:28:21 -0500 (CDT) From: David Borman Message-Id: <199910130328.WAA05957@frantic.bsdi.com> To: liw@ascend.com Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov X-UIDL: 8ead3c09c51a9d903e185ce9492a22c1 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk William, > I want through the archive, and find out the summary > about the SYN flood attack from David Borman. Unfortunately > his summary(src) URL: > > ftp://ftp.bsdi.com/contrib/bsdi_contrib/44Lite-SYNcache.gz) > > is not accessible anymore and his e-mail dab@bsdi.com can > not be reached either. BSDI is back on the air, after a 2 day outage. Our ISP had a broken backbone between POPs, and we were on the wrong side. :-( Anyway, all of bsdi.com is now accessable again. For the time being, I've put a copy of the 44 SYN cache diffs up at: ftp://ftp.bsdi.com/private/44-syn-diffs.gz -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 05:20:27 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA23719 for ; Thu, 14 Oct 1999 05:20:26 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id CAA11739 for tcp-impl-outgoing; Thu, 14 Oct 1999 02:03:13 -0400 (EDT) Received: from mailserv.intranet.GR (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id CAA11735 for ; Thu, 14 Oct 1999 02:03:11 -0400 (EDT) Received: from ifaistos by mailserv.intranet.GR with ESMTP (8.8.8/ICM-mailhub-1.0) id JAA27439; Thu, 14 Oct 1999 09:01:05 +0300 (EET DST) Received: from intracom.gr (pcrnd46) by ifaistos with ESMTP (1.37.109.24/16.2) id AA144870740; Thu, 14 Oct 1999 08:59:00 +0300 Message-Id: <380571D0.317A0DA7@intracom.gr> Date: Thu, 14 Oct 1999 09:01:52 +0300 From: Paraskevopoulos Pavlos Organization: INTRACOM S.A X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.2.9 i586) X-Accept-Language: en Mime-Version: 1.0 To: tcp-impl@lerc.nasa.gov Subject: help Content-Type: text/plain; charset=iso-8859-7 Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit . From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 09:18:12 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29306 for ; Thu, 14 Oct 1999 09:18:11 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18921 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:35 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18917 for ; Thu, 14 Oct 1999 06:01:32 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24030; Thu, 14 Oct 1999 04:01:26 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for >; Thu, 14 Oct 1999 04:01:34 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id BAA05429 for ; Thu, 14 Oct 1999 01:02:23 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id BAA26733 for ; Thu, 14 Oct 1999 01:02:22 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA02623 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:37:24 -0400 (EDT) Received: from stovokor.epilogue.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA02619 for ; Wed, 13 Oct 1999 22:37:23 -0400 (EDT) Received: from localhost.epilogue.com ([127.0.0.1]:13835 "EHLO epilogue.com" ident: "IDENT-NOT-QUERIED [port 13835]") by stovokor.epilogue.com with ESMTP id <7777-195>; Wed, 13 Oct 1999 22:37:11 -0400 To: Jason Thorpe cc: David Borman , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack In-reply-to: Your message of "Wed, 13 Oct 1999 10:38:10 PDT." <199910131738.KAA27780@lestat.nas.nasa.gov> Date: Wed, 13 Oct 1999 22:37:11 -0400 From: Bill Sommerfeld Message-Id: <19991014023718Z7777-195+2377@stovokor.epilogue.com> X-UIDL: bb22ed2d45768cf472d64b4feb89e548 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Yes. A while back I added logic to handle transient unreachable-errors > and retransmit logic to the NetBSD SYN cache implementation. I'm pretty > sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm > not entirely certain, tho...) It was definitely in 1.4 .. it got pulled onto the release branch shortly before the release. - Bill From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 09:18:13 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29317 for ; Thu, 14 Oct 1999 09:18:12 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18914 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:30 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18910 for ; Thu, 14 Oct 1999 06:01:28 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24023 for ; Thu, 14 Oct 1999 04:01:23 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:01:33 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id AAA01364 for ; Thu, 14 Oct 1999 00:09:31 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id AAA26506 for ; Thu, 14 Oct 1999 00:09:30 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA29707 for tcp-impl-outgoing; Wed, 13 Oct 1999 21:35:18 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA29686 for ; Wed, 13 Oct 1999 21:35:16 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA23524 for ; Wed, 13 Oct 1999 19:35:02 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 19:35:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA23193 for ; Wed, 13 Oct 1999 19:31:40 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id TAA25360 for ; Wed, 13 Oct 1999 19:31:39 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA04896 for tcp-impl-outgoing; Wed, 13 Oct 1999 15:49:16 -0400 (EDT) Received: from cosrel1.hp.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA04877 for ; Wed, 13 Oct 1999 15:49:12 -0400 (EDT) Received: from loiter.cup.hp.com (root@loiter.cup.hp.com [15.8.80.103]) by cosrel1.hp.com (8.8.6 (PHNE_17135)/8.8.5tis) with ESMTP id NAA04456 for ; Wed, 13 Oct 1999 13:49:12 -0600 (MDT) Received: from cup.hp.com (raj@loiter [15.8.80.103]) by loiter.cup.hp.com with ESMTP (8.8.6/8.7.3 TIS Messaging 5.0) id MAA21624 for ; Wed, 13 Oct 1999 12:49:08 -0700 (PDT) Message-ID: <3804E234.8B4AB99F@cup.hp.com> Date: Wed, 13 Oct 1999 12:49:08 -0700 From: Rick Jones Organization: SNSL X-Mailer: Mozilla 4.6 [en] (X11; U; HP-UX B.10.20 9000/735) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@grc.nasa.gov Subject: queue limits for DSL and modems Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 1acb00baf8ec01aee770cd8d240c91ac Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit does anyone have pointers to or data for queue limits in the downstream (ie towards the "user") direction for DSL links and/or dial-up modems? I'm looking for numbers to plug into a crude Streams port of dummynet. thanks, rick jones -- these opinions are mine, all mine; HP might not want them anyway... :) feel free to email, or post, but please do not do both... my email address is raj in the cup.hp.com domain... From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 09:19:37 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29377 for ; Thu, 14 Oct 1999 09:19:36 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18935 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:43 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18927 for ; Thu, 14 Oct 1999 06:01:39 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24051; Thu, 14 Oct 1999 04:01:32 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:01:35 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id BAA05765 for ; Thu, 14 Oct 1999 01:06:51 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id BAA26751 for ; Thu, 14 Oct 1999 01:06:50 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA01905 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:20:26 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA01897 for ; Wed, 13 Oct 1999 22:20:17 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA28133; Wed, 13 Oct 1999 20:20:02 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 20:20:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA27706 for ; Wed, 13 Oct 1999 20:15:17 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA25567 for ; Wed, 13 Oct 1999 20:15:12 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA18061 for tcp-impl-outgoing; Wed, 13 Oct 1999 17:57:34 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA18030 for ; Wed, 13 Oct 1999 17:57:14 -0400 (EDT) Received: from mail.griff-co.com (3-2-10.slc.fiber.net [209.90.98.75]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA25347; Wed, 13 Oct 1999 15:57:07 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 15:56:51 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23386 for ; Wed, 13 Oct 1999 15:46:32 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23969 for ; Wed, 13 Oct 1999 15:46:30 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA04357 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:06:58 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA04344 for ; Wed, 13 Oct 1999 12:06:55 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07632; Wed, 13 Oct 1999 11:06:54 -0500 (CDT) Date: Wed, 13 Oct 1999 11:06:54 -0500 (CDT) From: David Borman Message-Id: <199910131606.LAA07632@frantic.bsdi.com> To: tcp-impl@lerc.nasa.gov, vjs@calcite.rhyolite.com Subject: Re: a question about SYN attack X-UIDL: 7c7768200e87983ea3c6d68b4c2d3d94 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Date: Tue, 12 Oct 1999 17:09:48 -0600 (MDT) > From: Vernon Schryver > Subject: Re: a question about SYN attack > > > From: william Li > > > This is the syn_cooky solusion. I believe that > > Vernon's random_drop solusion super-set this > > one. Does anyone have info about the radom_drop > > solusion ? > > > I think the syn-cooky solution was different, and neither a super-set, > sub-set, extension, or precursor of random-drop. I also don't like it. Correct. The idea behind the syn-cookie is that when a SYN is received, send out the SYN/ACK, and forget about the connection. When the ACK is received, the connection is then created. But to avoid switching the SYN attack to an ACK attack, some magic encoding is done in the sequence number in the SYN/ACK, so that when the ACK is received, it can be verified whether or not it is in response to a SYN/ACK that we sent out. The issues with syn-cookies is how to do that encoding, and if you have to drop to a lower level of service due to lack of bits for encoding state information (like TCP window scale option). > Dave Borman's solution can be viewed as a superset of random drop. He > switched to a hash table to find TCB's, something that everyone who deals > with large numbers of sockets must do to avoid performance problems. He > also changed things so that much less state is kept for each partly open > connection. When that table overflowed, he picked an arbitrary, > reasonably random connection to throw out of the table. That last bit > of picking a random connection to give up on instead of either the classic > 4.*BSD tactic of the newest connection or other systems' giving up on > the oldest connection is crux of random-drop. Well, it's not exactly random drop. Each hash bucket has a limit, and the overall table has a limit. When we decide that we need to drop a connection due to either limit being exceeded, we drop the oldest connection on the hash bucket where we are trying to put the new connection. The hashing function is designed to be non-predictable (from the outside), so that there is a fairly good distribution across all the buckets. > Has something happened to BSDI? > ... No, other than our ISP had a 48 hour outage between POPs that knocked us off the net for 48 hours (compounded by anyone trying to call BSDI on Monday not being able to get anyone, since the main office was closed for Columbus Day.) -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 09:22:01 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29486 for ; Thu, 14 Oct 1999 09:22:00 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18947 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:55 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18943 for ; Thu, 14 Oct 1999 06:01:53 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24066; Thu, 14 Oct 1999 04:01:48 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:01:37 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id DAA14466 for ; Thu, 14 Oct 1999 03:11:08 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id DAA01889 for ; Thu, 14 Oct 1999 03:11:04 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA05554 for tcp-impl-outgoing; Wed, 13 Oct 1999 23:55:49 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA05545 for ; Wed, 13 Oct 1999 23:55:47 -0400 (EDT) Received: from mail.griff-co.com (3-2-3.slc.fiber.net [209.90.98.68]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA08415; Wed, 13 Oct 1999 21:55:43 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 21:55:53 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id VAA04404 for ; Wed, 13 Oct 1999 21:19:02 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id VAA25838 for ; Wed, 13 Oct 1999 21:19:01 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA21779 for tcp-impl-outgoing; Wed, 13 Oct 1999 18:45:22 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id SAA21774 for ; Wed, 13 Oct 1999 18:45:20 -0400 (EDT) Received: from mail.griff-co.com (3-2-20.slc.fiber.net [209.90.98.85]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA03341; Wed, 13 Oct 1999 16:45:01 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 16:45:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id QAA02800 for ; Wed, 13 Oct 1999 16:41:26 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id QAA24384 for ; Wed, 13 Oct 1999 16:41:26 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA16329 for tcp-impl-outgoing; Wed, 13 Oct 1999 13:38:19 -0400 (EDT) Received: from lestat.nas.nasa.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA16324 for ; Wed, 13 Oct 1999 13:38:17 -0400 (EDT) Received: from lestat (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.8.8/8.6.12) with ESMTP id KAA27780; Wed, 13 Oct 1999 10:38:11 -0700 (PDT) Message-Id: <199910131738.KAA27780@lestat.nas.nasa.gov> To: David Borman Cc: tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack Reply-To: Jason Thorpe From: Jason Thorpe Date: Wed, 13 Oct 1999 10:38:10 -0700 X-UIDL: 992293b19505ad7a03310266cfc01bf7 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Wed, 13 Oct 1999 11:20:02 -0500 (CDT) David Borman wrote: > I don't agree with NetBSD's decision to push all connections through > the SYN cache, as the SYN cache introduces a situation where valid > connections won't be established. Specifically, we don't do retransmission > of the SYN/ACK out of the SYN cache (since it is assumed that when we > are under attack, retransmitting all the SYN/ACKs will take up a lot of > extra cycles for which there will be no benifit). This means that if > we respond with a SYN/ACK to a valid connection, the returning ACK gets > lost, and there is no initial data coming from the client, then the > connection hangs, since ACKs are not retransmitted. [ ...snip... ] > Has NetBSD done something to address this issue? Yes. A while back I added logic to handle transient unreachable-errors and retransmit logic to the NetBSD SYN cache implementation. I'm pretty sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm not entirely certain, tho...) When we decided to push all connections through the SYN cache, it really helped clean up that code path; using both paths was quickly turning into a real maintenance headache. The net result (no pun intended :-) is that connections over a flaky network continue to get through, even while the machine is being flooded at a high rate. -- Jason R. Thorpe From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 09:27:57 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29714 for ; Thu, 14 Oct 1999 09:27:56 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18941 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:47 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18937 for ; Thu, 14 Oct 1999 06:01:45 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24052; Thu, 14 Oct 1999 04:01:37 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:01:36 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id BAA05816 for ; Thu, 14 Oct 1999 01:07:41 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id BAA26756 for ; Thu, 14 Oct 1999 01:07:37 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA02124 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:25:26 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA02110 for ; Wed, 13 Oct 1999 22:25:24 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA28674; Wed, 13 Oct 1999 20:25:15 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 20:25:16 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id UAA28538 for ; Wed, 13 Oct 1999 20:23:46 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id UAA25604 for ; Wed, 13 Oct 1999 20:23:15 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id RAA18055 for tcp-impl-outgoing; Wed, 13 Oct 1999 17:57:27 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id RAA18045 for ; Wed, 13 Oct 1999 17:57:22 -0400 (EDT) Received: from mail.griff-co.com (3-2-10.slc.fiber.net [209.90.98.75]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA25369; Wed, 13 Oct 1999 15:57:12 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 15:56:52 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23354 for ; Wed, 13 Oct 1999 15:46:26 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id PAA23965 for ; Wed, 13 Oct 1999 15:46:16 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA05738 for tcp-impl-outgoing; Wed, 13 Oct 1999 12:20:06 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA05732 for ; Wed, 13 Oct 1999 12:20:04 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA07658; Wed, 13 Oct 1999 11:20:02 -0500 (CDT) Date: Wed, 13 Oct 1999 11:20:02 -0500 (CDT) From: David Borman Message-Id: <199910131620.LAA07658@frantic.bsdi.com> To: thorpej@nas.nasa.gov Subject: Re: a question about SYN attack Cc: tcp-impl@lerc.nasa.gov X-UIDL: f3cfa6983c548ed68e57dce72509e604 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Subject: Re: a question about SYN attack > From: Jason Thorpe > Date: Tue, 12 Oct 1999 15:20:16 -0700 > > On Tue, 12 Oct 1999 11:49:24 -0700 > Zachary Amsden wrote: > > > One discussion of SYN attacks is found below: > > > > ftp://koobera.math.uic.edu/www/syncookies/archive > > > > Zachary Amsden > > zamsden@engr.sgi.com > > NetBSD also implements the Borman "SYN cache" (it's based on the original > published BSDI diff, but has changed rather significantly since then). In > NetBSD, it is used for all passive embryonic connections (unlike the BSD/OS > version, which was activated only when the system was under "attack"). I don't agree with NetBSD's decision to push all connections through the SYN cache, as the SYN cache introduces a situation where valid connections won't be established. Specifically, we don't do retransmission of the SYN/ACK out of the SYN cache (since it is assumed that when we are under attack, retransmitting all the SYN/ACKs will take up a lot of extra cycles for which there will be no benifit). This means that if we respond with a SYN/ACK to a valid connection, the returning ACK gets lost, and there is no initial data coming from the client, then the connection hangs, since ACKs are not retransmitted. My view is that when we are under a SYN flood attack, we're willing to take the risk that some connections might hang, but when we are not under attack we want to be as robust as possible, meaning we do the SYN/ACK retransmissions as necessary. Has NetBSD done something to address this issue? -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 09:52:09 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA00768 for ; Thu, 14 Oct 1999 09:52:07 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA20097 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:35:36 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA20093 for ; Thu, 14 Oct 1999 06:35:34 -0400 (EDT) Received: from mail.griff-co.com (3-1-10.slc.fiber.net [209.90.98.11]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA26066 for ; Thu, 14 Oct 1999 04:35:32 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:35:42 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA26046 for ; Thu, 14 Oct 1999 04:35:15 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id EAA02546 for ; Thu, 14 Oct 1999 04:35:14 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id CAA11739 for tcp-impl-outgoing; Thu, 14 Oct 1999 02:03:13 -0400 (EDT) Received: from mailserv.intranet.GR (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id CAA11735 for ; Thu, 14 Oct 1999 02:03:11 -0400 (EDT) Received: from ifaistos by mailserv.intranet.GR with ESMTP (8.8.8/ICM-mailhub-1.0) id JAA27439; Thu, 14 Oct 1999 09:01:05 +0300 (EET DST) Received: from intracom.gr (pcrnd46) by ifaistos with ESMTP (1.37.109.24/16.2) id AA144870740; Thu, 14 Oct 1999 08:59:00 +0300 Message-Id: <380571D0.317A0DA7@intracom.gr> Date: Thu, 14 Oct 1999 09:01:52 +0300 From: Paraskevopoulos Pavlos Organization: INTRACOM S.A X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.2.9 i586) X-Accept-Language: en Mime-Version: 1.0 To: tcp-impl@lerc.nasa.gov Subject: help Content-Type: text/plain; charset=iso-8859-7 Content-Transfer-Encoding: 7bit X-UIDL: 4972f3acd2101ec1ea62733d19ddc394 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit . From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 12:13:36 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05843 for ; Thu, 14 Oct 1999 12:13:34 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA28618 for tcp-impl-outgoing; Thu, 14 Oct 1999 08:28:21 -0400 (EDT) Received: from guns.lerc.nasa.gov (guns.lerc.nasa.gov [139.88.44.160]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA28608 for ; Thu, 14 Oct 1999 08:28:19 -0400 (EDT) Received: from guns.lerc.nasa.gov (localhost [127.0.0.1]) by guns.lerc.nasa.gov with ESMTP (NASA LeRC 8.7.4.1/2.01-local) id IAA19880; Thu, 14 Oct 1999 08:28:19 -0400 (EDT) Message-Id: <199910141228.IAA19880@guns.lerc.nasa.gov> To: tcp-impl@grc.nasa.gov From: Mark Allman Reply-To: mallman@grc.nasa.gov Subject: tcp-impl: testing, please ignore Organization: Late Night Hackers, NASA Glenn, Cleveland, Ohio Song-of-the-Day: Just Another Day Date: Thu, 14 Oct 1999 08:28:19 -0400 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Just a quick test to see if I have "fixed" some of the tcp-impl dups that have been showing up. (And, no, in this case it is not appropriate to retransmit on three dups...). allman From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 17:12:57 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13802 for ; Thu, 14 Oct 1999 17:12:52 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA08071 for tcp-impl-outgoing; Thu, 14 Oct 1999 13:31:09 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA08043 for ; Thu, 14 Oct 1999 13:30:58 -0400 (EDT) Received: from mail.griff-co.com (3-1-12.slc.fiber.net [209.90.98.13]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA11299 for ; Thu, 14 Oct 1999 11:30:54 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 11:30:54 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id IAA15193 for ; Thu, 14 Oct 1999 08:37:14 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id IAA03490 for ; Thu, 14 Oct 1999 08:37:07 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18914 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:30 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18910 for ; Thu, 14 Oct 1999 06:01:28 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24023 for ; Thu, 14 Oct 1999 04:01:23 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:01:33 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id AAA01364 for ; Thu, 14 Oct 1999 00:09:31 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id AAA26506 for ; Thu, 14 Oct 1999 00:09:30 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA29707 for tcp-impl-outgoing; Wed, 13 Oct 1999 21:35:18 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA29686 for ; Wed, 13 Oct 1999 21:35:16 -0400 (EDT) Received: from mail.griff-co.com (3-1-16.slc.fiber.net [209.90.98.17]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA23524 for ; Wed, 13 Oct 1999 19:35:02 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Wed, 13 Oct 1999 19:35:13 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id TAA23193 for ; Wed, 13 Oct 1999 19:31:40 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id TAA25360 for ; Wed, 13 Oct 1999 19:31:39 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA04896 for tcp-impl-outgoing; Wed, 13 Oct 1999 15:49:16 -0400 (EDT) Received: from cosrel1.hp.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA04877 for ; Wed, 13 Oct 1999 15:49:12 -0400 (EDT) Received: from loiter.cup.hp.com (root@loiter.cup.hp.com [15.8.80.103]) by cosrel1.hp.com (8.8.6 (PHNE_17135)/8.8.5tis) with ESMTP id NAA04456 for ; Wed, 13 Oct 1999 13:49:12 -0600 (MDT) Received: from cup.hp.com (raj@loiter [15.8.80.103]) by loiter.cup.hp.com with ESMTP (8.8.6/8.7.3 TIS Messaging 5.0) id MAA21624 for ; Wed, 13 Oct 1999 12:49:08 -0700 (PDT) Message-ID: <3804E234.8B4AB99F@cup.hp.com> Date: Wed, 13 Oct 1999 12:49:08 -0700 From: Rick Jones Organization: SNSL X-Mailer: Mozilla 4.6 [en] (X11; U; HP-UX B.10.20 9000/735) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@grc.nasa.gov Subject: queue limits for DSL and modems Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-UIDL: 1acb00baf8ec01aee770cd8d240c91ac Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit does anyone have pointers to or data for queue limits in the downstream (ie towards the "user") direction for DSL links and/or dial-up modems? I'm looking for numbers to plug into a crude Streams port of dummynet. thanks, rick jones -- these opinions are mine, all mine; HP might not want them anyway... :) feel free to email, or post, but please do not do both... my email address is raj in the cup.hp.com domain... From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 17:14:57 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13844 for ; Thu, 14 Oct 1999 17:14:56 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA08097 for tcp-impl-outgoing; Thu, 14 Oct 1999 13:31:17 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA08089 for ; Thu, 14 Oct 1999 13:31:15 -0400 (EDT) Received: from mail.griff-co.com (3-1-12.slc.fiber.net [209.90.98.13]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA11330 for ; Thu, 14 Oct 1999 11:31:12 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 11:31:04 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id IAA16982 for ; Thu, 14 Oct 1999 08:51:05 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id IAA03591 for ; Thu, 14 Oct 1999 08:51:03 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA20097 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:35:36 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA20093 for ; Thu, 14 Oct 1999 06:35:34 -0400 (EDT) Received: from mail.griff-co.com (3-1-10.slc.fiber.net [209.90.98.11]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA26066 for ; Thu, 14 Oct 1999 04:35:32 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for ; Thu, 14 Oct 1999 04:35:42 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA26046 for ; Thu, 14 Oct 1999 04:35:15 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id EAA02546 for ; Thu, 14 Oct 1999 04:35:14 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id CAA11739 for tcp-impl-outgoing; Thu, 14 Oct 1999 02:03:13 -0400 (EDT) Received: from mailserv.intranet.GR (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id CAA11735 for ; Thu, 14 Oct 1999 02:03:11 -0400 (EDT) Received: from ifaistos by mailserv.intranet.GR with ESMTP (8.8.8/ICM-mailhub-1.0) id JAA27439; Thu, 14 Oct 1999 09:01:05 +0300 (EET DST) Received: from intracom.gr (pcrnd46) by ifaistos with ESMTP (1.37.109.24/16.2) id AA144870740; Thu, 14 Oct 1999 08:59:00 +0300 Message-Id: <380571D0.317A0DA7@intracom.gr> Date: Thu, 14 Oct 1999 09:01:52 +0300 From: Paraskevopoulos Pavlos Organization: INTRACOM S.A X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.2.9 i586) X-Accept-Language: en Mime-Version: 1.0 To: tcp-impl@lerc.nasa.gov Subject: help Content-Type: text/plain; charset=iso-8859-7 Content-Transfer-Encoding: 7bit X-UIDL: 4972f3acd2101ec1ea62733d19ddc394 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit . From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 17:19:04 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13893 for ; Thu, 14 Oct 1999 17:19:03 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA08085 for tcp-impl-outgoing; Thu, 14 Oct 1999 13:31:12 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA08077 for ; Thu, 14 Oct 1999 13:31:10 -0400 (EDT) Received: from mail.griff-co.com (3-1-12.slc.fiber.net [209.90.98.13]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id LAA11308; Thu, 14 Oct 1999 11:31:03 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for >; Thu, 14 Oct 1999 11:30:57 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id IAA15189 for ; Thu, 14 Oct 1999 08:37:12 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id IAA03492 for ; Thu, 14 Oct 1999 08:37:11 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id GAA18921 for tcp-impl-outgoing; Thu, 14 Oct 1999 06:01:35 -0400 (EDT) Received: from mail.fiber.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id GAA18917 for ; Thu, 14 Oct 1999 06:01:32 -0400 (EDT) Received: from mail.griff-co.com (3-1-11.slc.fiber.net [209.90.98.12]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id EAA24030; Thu, 14 Oct 1999 04:01:26 -0600 (MDT) Received: from mail.griff-co.com[192.168.42.253] by mail.griff-co.com with smtp id for >; Thu, 14 Oct 1999 04:01:34 -0600 Received: from astral.fiber.net (root@astral.fiber.net [216.83.130.6]) by mail.fiber.net (8.9.3/8.9.3) with ESMTP id BAA05429 for ; Thu, 14 Oct 1999 01:02:23 -0600 (MDT) Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by astral.fiber.net (8.9.3/8.9.3) with ESMTP id BAA26733 for ; Thu, 14 Oct 1999 01:02:22 -0600 (MDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA02623 for tcp-impl-outgoing; Wed, 13 Oct 1999 22:37:24 -0400 (EDT) Received: from stovokor.epilogue.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA02619 for ; Wed, 13 Oct 1999 22:37:23 -0400 (EDT) Received: from localhost.epilogue.com ([127.0.0.1]:13835 "EHLO epilogue.com" ident: "IDENT-NOT-QUERIED [port 13835]") by stovokor.epilogue.com with ESMTP id <7777-195>; Wed, 13 Oct 1999 22:37:11 -0400 To: Jason Thorpe cc: David Borman , tcp-impl@lerc.nasa.gov Subject: Re: a question about SYN attack In-reply-to: Your message of "Wed, 13 Oct 1999 10:38:10 PDT." <199910131738.KAA27780@lestat.nas.nasa.gov> Date: Wed, 13 Oct 1999 22:37:11 -0400 From: Bill Sommerfeld Message-Id: <19991014023718Z7777-195+2377@stovokor.epilogue.com> X-UIDL: bb22ed2d45768cf472d64b4feb89e548 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > Yes. A while back I added logic to handle transient unreachable-errors > and retransmit logic to the NetBSD SYN cache implementation. I'm pretty > sure it's all in the 1.4.1 release (and may have also been in 1.4; I'm > not entirely certain, tho...) It was definitely in 1.4 .. it got pulled onto the release branch shortly before the release. - Bill From owner-tcp-impl@lerc.nasa.gov Thu Oct 14 18:21:29 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA14836 for ; Thu, 14 Oct 1999 18:21:29 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA16967 for tcp-impl-outgoing; Thu, 14 Oct 1999 14:41:48 -0400 (EDT) Received: from newman.gte.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA16963 for ; Thu, 14 Oct 1999 14:41:46 -0400 (EDT) From: pwarren@gte.com Received: from mars.gte.com (mars.gte.com [132.197.86.163]) by newman.gte.com (8.9.1/8.9.1) with ESMTP id OAA22093; Thu, 14 Oct 1999 14:31:39 -0400 (EDT) Received: from trixie (trixie.gte.com [132.197.147.108]) by mars.gte.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3) id T9DJBCYW; Thu, 14 Oct 1999 14:31:27 -0400 Reply-To: To: "'Rick Jones'" Cc: Subject: RE: queue limits for DSL and modems Date: Thu, 14 Oct 1999 14:31:25 -0400 Message-ID: <9552CF5691C5D111A68200A0C92547680FE244@mars.gte.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 In-Reply-To: <9552CF5691C5D111A68200A0C925476804D055@mars.gte.com> Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit I don't have a definitive answer, but a while back I did some performance testing over Westell Flexcap I ADSL modems (1.5Mbps downstream, 64Kbps upstream). On a bulk FTP download, I measured the sender's output into the downstream queue using Etherpeek and found it to be greater than the downstream ADSL bitrate of 1.5Mbps until ACK clocking eventually throttled it back. During that initial period, the excess data sitting in the downstream queue built up to as much as 19,300 bytes (derived from a simple calculation: measured arrival rate minus the known service rate of 1.5Mbps). Since no packets were dropped, I concluded that the queue is at least that deep. Incidentally, by doing measurements on the receiver side instead, I found the _upstream_ queue to be at least 2000 bytes deep. I don't know how representative this is of current ADSL modems, and I don't know how this compares to dialup modems, except that my impression (from conversations with Tim Shepard when he was working on this) is that they have far less buffer space than this Westell modem. All very anecdotal, but I hope it helps... = Peter ------------------------------------ Peter Warren Principal Member of Technical Staff GTE Laboratories 40 Sylvan Rd. Waltham, MA 02451 ------------------------------------ >-----Original Message----- >From: owner-tcp-impl@lerc.nasa.gov >[mailto:owner-tcp-impl@lerc.nasa.gov]On Behalf Of Rick Jones >Sent: Wednesday, October 13, 1999 3:49 PM >To: tcp-impl@grc.nasa.gov >Subject: queue limits for DSL and modems > > >does anyone have pointers to or data for queue limits in the downstream >(ie towards the "user") direction for DSL links and/or dial-up modems? >I'm looking for numbers to plug into a crude Streams port of dummynet. > >thanks, > >rick jones >-- >these opinions are mine, all mine; HP might not want them anyway... :) >feel free to email, or post, but please do not do both... >my email address is raj in the cup.hp.com domain... > > > > From owner-tcp-impl@lerc.nasa.gov Fri Oct 15 02:01:50 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA26458 for ; Fri, 15 Oct 1999 02:01:49 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id WAA23836 for tcp-impl-outgoing; Thu, 14 Oct 1999 22:40:23 -0400 (EDT) Received: from saba.cs.washington.edu (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id WAA23832 for ; Thu, 14 Oct 1999 22:40:21 -0400 (EDT) Received: from localhost (cardwell@localhost) by saba.cs.washington.edu (8.9.3/8.9.3/0.2) with ESMTP id TAA05566; Thu, 14 Oct 1999 19:26:14 -0700 (envelope-from cardwell@cs.washington.edu) X-Authentication-Warning: saba.cs.washington.edu: cardwell owned process doing -bs Date: Thu, 14 Oct 1999 19:26:14 -0700 (PDT) From: Neal Cardwell To: Rick Jones cc: tcp-impl@grc.nasa.gov Subject: Re: queue limits for DSL and modems In-Reply-To: <3804E234.8B4AB99F@cup.hp.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Based on TCP behavior, my ADSL setup seems to be willing to buffer about 7 1500-byte packets in the downstream direction. This is an ADSL modem configured by USWest for 512Kbps down and 256Kbps up. I've heard reports of experiments deducing the existence of very big (50-70 x 1500-byte packet) buffers in dial-up modems at the University of Washington. No idea how representative either of these data points are. neal On Wed, 13 Oct 1999, Rick Jones wrote: > does anyone have pointers to or data for queue limits in the downstream > (ie towards the "user") direction for DSL links and/or dial-up modems? > I'm looking for numbers to plug into a crude Streams port of dummynet. From owner-tcp-impl@lerc.nasa.gov Fri Oct 15 12:52:31 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA17242 for ; Fri, 15 Oct 1999 12:52:27 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id IAA20509 for tcp-impl-outgoing; Fri, 15 Oct 1999 08:50:48 -0400 (EDT) Received: from s2.smtp.oleane.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id IAA17851; Fri, 15 Oct 1999 08:35:11 -0400 (EDT) Received: from Dell (dyn-1-1-255.Cor.dialup.oleane.fr [62.161.8.255]) by s2.smtp.oleane.net with SMTP id OAA95005; Fri, 15 Oct 1999 14:35:02 +0200 (CEST) Message-ID: <009c01bf1709$a9d953c0$0701a8c0@oleane.com> From: "Peter Lewis" To: Subject: Media Gateway Control Conference Date: Fri, 15 Oct 1999 14:34:42 +0200 Organization: Upperside MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0099_01BF171A.6B522F80" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0099_01BF171A.6B522F80 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MGCP, Megaco, H.248: performing seamless interoperation between IP and = PSTN networks. The international rendez-vous in Paris, 15-17 December 1999. More infos:=20 http://www.upperside.fr/bamgc.htm ------=_NextPart_000_0099_01BF171A.6B522F80 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
MGCP, Megaco, H.248: performing seamless = interoperation=20 between IP and PSTN
networks. The international rendez-vous in Paris, = 15-17=20 December 1999.

More infos:
http://www.upperside.fr/bamgc.= htm
 
------=_NextPart_000_0099_01BF171A.6B522F80-- From owner-tcp-impl@lerc.nasa.gov Tue Oct 19 00:30:50 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25433 for ; Tue, 19 Oct 1999 00:30:48 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA29516 for tcp-impl-outgoing; Mon, 18 Oct 1999 21:04:44 -0400 (EDT) Received: from spinoza.cs.washington.edu (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA29510 for ; Mon, 18 Oct 1999 21:04:43 -0400 (EDT) Received: from LOCALHOST (LOCALHOST [127.0.0.1]) by spinoza.cs.washington.edu (8.8.5+CS/7.2ws+) with SMTP id SAA12301; Mon, 18 Oct 1999 18:04:40 -0700 (PDT) To: end2end-interest@ISI.EDU, tcp-impl@grc.nasa.gov cc: savage@cs.washington.edu Subject: new paper on TCP congestion control vulnerabilities Date: Mon, 18 Oct 1999 18:04:40 PDT Message-ID: <12292.940295080@spinoza.cs.washington.edu> From: Stefan Savage Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk This is to announce the availability of a short paper describing how TCP's current congestion control mechanisms can be easily defeated by a greedy receiver. The potential danger here is that performance-motivated users will modify their TCP stacks accordingly -- producing a "tragedy of the commons" effect. We suggest some sender-side implementation modifications to mitigate the impact of these vulnerabilities and, perhaps more academically, some simple end-to-end verification algorithms that remove the need to trust the receiver's behavior at all (for the purposes of congestion control). - Stefan (I've sent this to both end2end and tcp-impl because it seems like it may be of interest to both communities) TCP Congestion Control with a Misbehaving Receiver Stefan Savage, Neal Cardwell, David Wetherall, and Tom Anderson, ACM Computer Communications Review, October 1999. http://www.cs.washington.edu/homes/savage/papers/CCR99.ps (CCR99.pdf also works for the Postscript-challenged) Abstract: In this paper, we explore the operation of TCP congestion control when the receiver can misbehave, as might occur with a greedy Web client. We first demonstrate that there are simple attacks that allow a misbehaving receiver to drive a standard TCP sender arbitrarily fast, without losing end-to-end reliability. These attacks are widely applicable because they stem from the sender behavior specified in RFC 2581 rather than implementation bugs. We then show that it is possible to modify TCP to eliminate this undesirable behavior entirely, without requiring assumptions of any kind about receiver behavior. This is a strong result: with our solution a receiver can only reduce the data transfer rate by misbehaving, thereby eliminating the incentive to do so. From owner-tcp-impl@lerc.nasa.gov Wed Oct 20 11:39:50 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08135 for ; Wed, 20 Oct 1999 11:39:49 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id HAA06094 for tcp-impl-outgoing; Wed, 20 Oct 1999 07:55:06 -0400 (EDT) Received: from web115.yahoomail.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id HAA06076 for ; Wed, 20 Oct 1999 07:55:04 -0400 (EDT) Message-ID: <19991020115622.7694.rocketmail@web115.yahoomail.com> Received: from [202.41.72.172] by web115.yahoomail.com; Wed, 20 Oct 1999 04:56:22 PDT Date: Wed, 20 Oct 1999 04:56:22 -0700 (PDT) From: "R. S. Arkesh Kumar" Subject: Why do large downloads fail ? To: end2end-interest@ISI.EDU Cc: tcp-impl@grc.nasa.gov MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Hi Why is it that we encounter problems of connections breaking off when downloading large files. Thanks in advance, Arkesh ===== R. S. Arkesh Kumar Research Engineer, Centre for Development of Telematics(C-DOT), 71/1, Miller Road, Bangalore-560 052, India. Ph : 91-80-2263399 Ext:329 Fax : 91-80-2263256 __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com From owner-tcp-impl@lerc.nasa.gov Wed Oct 20 13:28:04 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14546 for ; Wed, 20 Oct 1999 13:28:02 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id KAA15257 for tcp-impl-outgoing; Wed, 20 Oct 1999 10:03:02 -0400 (EDT) Received: from aurora.cs.ucla.edu (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id KAA15245 for ; Wed, 20 Oct 1999 10:03:00 -0400 (EDT) Received: from IBM (wavelan47.cs.ucla.edu [131.179.32.207]) by aurora.cs.ucla.edu (8.9.1/UCLACS-5.0) with SMTP id HAA12024; Wed, 20 Oct 1999 07:02:09 -0700 (PDT) Message-Id: <199910201402.HAA12024@aurora.cs.ucla.edu> X-Sender: lixia@131.179.96.157 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 20 Oct 1999 07:02:21 -0700 To: "R. S. Arkesh Kumar" , end2end-interest@ISI.EDU From: Lixia Zhang Subject: Re: Why do large downloads fail ? Cc: tcp-impl@grc.nasa.gov In-Reply-To: <19991020115622.7694.rocketmail@web115.yahoomail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk At 04:56 AM 10/20/99 , R. S. Arkesh Kumar wrote: >Hi > Why is it that we encounter problems of >connections breaking off when downloading large files. I am not saying the fact below would be the cause, but I was a little surprised to hear Lan Wang (a UCLA student) mentioned the other day that, in freeBSD, TCP keeps a retransmission counter, whick gets reset to 0 only when cwnd >= rwnd, otherwise the couner cumulates the number of retransmissions, and causes the connection to reset when the value exceeds a threshold (12 or 16?) I did not check myself, but if this is true I hardly believe this would be a desired thing. if a receiver accidentally sets a big rwnd value, then over a narrow communication pipe - cwnd would always try to creep up to reach rwnd, and ends in packet losses and cut back every time - cwnd would never reach rwnd, thus all the rxt's get cumulated over time (and one gets a reset) Lixia >Thanks in advance, >Arkesh > > >===== >R. S. Arkesh Kumar >Research Engineer, >Centre for Development of Telematics(C-DOT), >71/1, Miller Road, >Bangalore-560 052, India. >Ph : 91-80-2263399 Ext:329 >Fax : 91-80-2263256 >__________________________________________________ >Do You Yahoo!? >Bid and sell for free at http://auctions.yahoo.com > From owner-tcp-impl@lerc.nasa.gov Wed Oct 20 17:24:30 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA24001 for ; Wed, 20 Oct 1999 17:24:30 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA25583 for tcp-impl-outgoing; Wed, 20 Oct 1999 13:55:13 -0400 (EDT) Received: from mailman.cs.ucla.edu (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA25556 for ; Wed, 20 Oct 1999 13:55:09 -0400 (EDT) Received: from mordred.cs.ucla.edu (mordred.cs.ucla.edu [131.179.192.128]) by mailman.cs.ucla.edu (8.9.1/UCLACS-5.0) with ESMTP id KAA02058; Wed, 20 Oct 1999 10:55:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mordred.cs.ucla.edu (8.9.3/8.9.3) with ESMTP id KAA64715; Wed, 20 Oct 1999 10:55:07 -0700 (PDT) (envelope-from scottm@cs.ucla.edu) Date: Wed, 20 Oct 1999 10:55:07 -0700 (PDT) From: "B. Scott Michel" To: Lixia Zhang cc: "R. S. Arkesh Kumar" , end2end-interest@ISI.EDU, tcp-impl@grc.nasa.gov Subject: Re: Why do large downloads fail ? In-Reply-To: <199910201402.HAA12024@aurora.cs.ucla.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Wed, 20 Oct 1999, Lixia Zhang wrote: > At 04:56 AM 10/20/99 , R. S. Arkesh Kumar wrote: > > Why is it that we encounter problems of > >connections breaking off when downloading large files. > > I am not saying the fact below would be the cause, but I was a little > surprised to hear Lan Wang (a UCLA student) mentioned the other day that, > in freeBSD, TCP keeps a retransmission counter, whick gets reset to 0 only > when cwnd >= rwnd, otherwise the couner cumulates the number of > retransmissions, and causes the connection to reset when the value exceeds > a threshold (12 or 16?) > > I did not check myself, but if this is true I hardly believe this would be > a desired thing. if a receiver accidentally sets a big rwnd value, then > over a narrow communication pipe > - cwnd would always try to creep up to reach rwnd, and ends > in packet losses and cut back every time > - cwnd would never reach rwnd, thus all the rxt's get cumulated > over time (and one gets a reset) This could happen as a matter of course if one sets up one's box to exploit LFN (which FreeBSD does). All one has to do is set the default TCP send and receive buffer spaces to a value greater than 65536. Hopefully, this is not what's happening to Arkesh. -scooter From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 05:17:53 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA12958 for ; Thu, 21 Oct 1999 05:17:52 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id BAA02874 for tcp-impl-outgoing; Thu, 21 Oct 1999 01:43:46 -0400 (EDT) Received: from hp01.ind.uni-stuttgart.de (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id BAA02861 for ; Thu, 21 Oct 1999 01:43:44 -0400 (EDT) Received: from hp04.ind.uni-stuttgart.de (hp04 [129.69.170.4]) by hp01.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) with ESMTP id HAA17500; Thu, 21 Oct 1999 07:43:37 +0200 (METDST) From: Martin Lorang Received: (from lorang@localhost) by hp04.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) id HAA18528; Thu, 21 Oct 1999 07:43:35 +0200 (METDST) Date: Thu, 21 Oct 1999 07:43:35 +0200 (METDST) Message-Id: <9910210743.ZM18503@hp04> Received: from zephyr.isi.edu (zephyr.isi.edu [128.9.160.160]) by hp01.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) with ESMTP id OAA03348 for ; Wed, 20 Oct 1999 14:32:26 +0200 (METDST) Received: (from majordom@localhost) by zephyr.isi.edu (8.8.7/8.8.6) id EAA27356 for end2end-interest-outgoing; Wed, 20 Oct 1999 04:55:04 -0700 (PDT) Received: from tnt.isi.edu (tnt.isi.edu [128.9.128.128]) by zephyr.isi.edu (8.8.7/8.8.6) with ESMTP id EAA27300 for ; Wed, 20 Oct 1999 04:55:00 -0700 (PDT) Received: from web115.yahoomail.com (web115.yahoomail.com [205.180.60.88]) by tnt.isi.edu (8.8.7/8.8.6) with SMTP id EAA06639 for ; Wed, 20 Oct 1999 04:54:59 -0700 (PDT) Received: from [202.41.72.172] by web115.yahoomail.com; Wed, 20 Oct 1999 04:56:22 PDT Subject: Why do large downloads fail ? To: end2end-interest@ISI.EDU Cc: tcp-impl@grc.nasa.gov MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Z-Mail (3.2.1 10oct95) Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Hi Why is it that we encounter problems of connections breaking off when downloading large files. Thanks in advance, Arkesh ===== R. S. Arkesh Kumar Research Engineer, Centre for Development of Telematics(C-DOT), 71/1, Miller Road, Bangalore-560 052, India. Ph : 91-80-2263399 Ext:329 Fax : 91-80-2263256 __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com ----------------------------------------------------------------------------- Martin Lorang Universitaet Stuttgart Institut fuer Nachrichtenvermittlung Phone: +49 711 685 7991 und Datenverarbeitung Fax: +49 711 685 7983 Pfaffenwaldring 47 lorang@ind.uni-stuttgart.de D-70569 Stuttgart ----------------------------------------------------------------------------- From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 05:39:33 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA13141 for ; Thu, 21 Oct 1999 05:39:33 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id BAA02890 for tcp-impl-outgoing; Thu, 21 Oct 1999 01:43:48 -0400 (EDT) Received: from hp01.ind.uni-stuttgart.de (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id BAA02865 for ; Thu, 21 Oct 1999 01:43:45 -0400 (EDT) Received: from hp04.ind.uni-stuttgart.de (hp04 [129.69.170.4]) by hp01.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) with ESMTP id HAA17504; Thu, 21 Oct 1999 07:43:37 +0200 (METDST) From: Martin Lorang Received: (from lorang@localhost) by hp04.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) id HAA18545; Thu, 21 Oct 1999 07:43:36 +0200 (METDST) Date: Thu, 21 Oct 1999 07:43:36 +0200 (METDST) Message-Id: <9910210743.ZM18526@hp04> Received: from zephyr.isi.edu (zephyr.isi.edu [128.9.160.160]) by hp01.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) with ESMTP id OAA03348 for ; Wed, 20 Oct 1999 14:32:26 +0200 (METDST) Received: (from majordom@localhost) by zephyr.isi.edu (8.8.7/8.8.6) id EAA27356 for end2end-interest-outgoing; Wed, 20 Oct 1999 04:55:04 -0700 (PDT) Received: from tnt.isi.edu (tnt.isi.edu [128.9.128.128]) by zephyr.isi.edu (8.8.7/8.8.6) with ESMTP id EAA27300 for ; Wed, 20 Oct 1999 04:55:00 -0700 (PDT) Received: from web115.yahoomail.com (web115.yahoomail.com [205.180.60.88]) by tnt.isi.edu (8.8.7/8.8.6) with SMTP id EAA06639 for ; Wed, 20 Oct 1999 04:54:59 -0700 (PDT) Received: from [202.41.72.172] by web115.yahoomail.com; Wed, 20 Oct 1999 04:56:22 PDT Subject: Why do large downloads fail ? To: end2end-interest@ISI.EDU Cc: tcp-impl@grc.nasa.gov MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Z-Mail (3.2.1 10oct95) Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Hi Why is it that we encounter problems of connections breaking off when downloading large files. Thanks in advance, Arkesh ===== R. S. Arkesh Kumar Research Engineer, Centre for Development of Telematics(C-DOT), 71/1, Miller Road, Bangalore-560 052, India. Ph : 91-80-2263399 Ext:329 Fax : 91-80-2263256 __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com ----------------------------------------------------------------------------- Martin Lorang Universitaet Stuttgart Institut fuer Nachrichtenvermittlung Phone: +49 711 685 7991 und Datenverarbeitung Fax: +49 711 685 7983 Pfaffenwaldring 47 lorang@ind.uni-stuttgart.de D-70569 Stuttgart ----------------------------------------------------------------------------- From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 06:38:47 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA13452 for ; Thu, 21 Oct 1999 06:38:46 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id DAA02833 for tcp-impl-outgoing; Thu, 21 Oct 1999 03:32:03 -0400 (EDT) Received: from hp01.ind.uni-stuttgart.de (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id DAA02818 for ; Thu, 21 Oct 1999 03:32:00 -0400 (EDT) Received: from hp04.ind.uni-stuttgart.de (hp04 [129.69.170.4]) by hp01.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) with ESMTP id JAA21165; Thu, 21 Oct 1999 09:31:58 +0200 (METDST) From: Martin Lorang Received: (from lorang@localhost) by hp04.ind.uni-stuttgart.de (8.8.6 (PHNE_17135)/8.8.3) id JAA19804; Thu, 21 Oct 1999 09:31:57 +0200 (METDST) Date: Thu, 21 Oct 1999 09:31:57 +0200 (METDST) Message-Id: <9910210931.ZM19793@hp04> X-Mailer: Z-Mail (3.2.1 10oct95) To: end2end-interest@ISI.EDU, tcp-impl@grc.nasa.gov Subject: Apology Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Dear colleagues, please excuse that I forwarded twice end2end and tcp-impl e-mails back to the lists. As far as I could see, this error happened due to a misconfiguration of my mail client which is hopefully now solved. Sorry for any inconvenience. Kind regards, Martin ----------------------------------------------------------------------------- Martin Lorang Universitaet Stuttgart Institut fuer Nachrichtenvermittlung Phone: +49 711 685 7991 und Datenverarbeitung Fax: +49 711 685 7983 Pfaffenwaldring 47 lorang@ind.uni-stuttgart.de D-70569 Stuttgart ----------------------------------------------------------------------------- From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 14:31:45 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10076 for ; Thu, 21 Oct 1999 14:31:45 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id KAA05089 for tcp-impl-outgoing; Thu, 21 Oct 1999 10:37:56 -0400 (EDT) Received: from mail-blue.research.att.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id KAA05085 for ; Thu, 21 Oct 1999 10:37:54 -0400 (EDT) Received: from surfcity.research.att.com (surfcity.research.att.com [135.207.128.5]) by mail-blue.research.att.com (Postfix) with ESMTP id 26DEC4CE31 for ; Thu, 21 Oct 1999 10:37:50 -0400 (EDT) Received: from research.att.com (pckostic [135.207.130.59]) by surfcity.research.att.com (8.8.7/8.8.7) with ESMTP id KAA15591 for ; Thu, 21 Oct 1999 10:37:45 -0400 (EDT) Message-ID: <380F2535.A1858DF1@research.att.com> Date: Thu, 21 Oct 1999 10:37:41 -0400 From: Zoran Kostic X-Mailer: Mozilla 4.05 [en] (WinNT; U) MIME-Version: 1.0 To: tcp-impl@grc.nasa.gov Subject: Congestion window problem Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit Is the following scenario a legitimate problem: * Receive window is fully open * Congestion window is 5 wide, all five segments (1,2,3,4,5) got transmitted, waiting for ACQs * Segment 2 is being timed * Channel is poor * Timeout happens * Congestion window collapses to 1 * Segment 1 which is the first unacked segment gets transmitted * Segment 1 is timed * Segments1,2,3 get acqs but 4 and 5 are not ACQed * Retransmit timer has stopped since 1 was acked * Congestion window became of size 2, but no new segments can be accepted into the window since 4 and 5 occupy the space in the window * Channel is still poor, no Acqs are comming and Nothing is being timed now so the timeout can not occur -> therefore no segment will get retransmitted, the window can not grow .... we are stuck If this is not a problem, could you comment on where the error in thinking is, or which mechanism pulls us out of trouble. Zoran Kostic, AT&T From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 14:35:33 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10185 for ; Thu, 21 Oct 1999 14:35:33 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id KAA01173 for tcp-impl-outgoing; Thu, 21 Oct 1999 10:12:33 -0400 (EDT) Received: from calcite.rhyolite.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id KAA01165 for ; Thu, 21 Oct 1999 10:12:31 -0400 (EDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.9.3/calcite) id HAA18717 env-from ; Thu, 21 Oct 1999 07:56:06 -0600 (MDT) Date: Thu, 21 Oct 1999 07:56:06 -0600 (MDT) From: Vernon Schryver Message-Id: <199910211356.HAA18717@calcite.rhyolite.com> To: end2end-interest@ISI.EDU Subject: Re: Why do large downloads fail ? Cc: tcp-impl@grc.nasa.gov Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > From: Martin Lorang > To: end2end-interest@ISI.EDU > Cc: tcp-impl@grc.nasa.gov > Why is it that we encounter problems of > connections breaking off when downloading large files. > > Thanks in advance, > Arkesh > > ===== > R. S. Arkesh Kumar > Research Engineer, I've noticed something odd with the WINSOCK2 in Windows 98, both original and 2nd Edition. On a TCP connection that should have an RTT of about 500 ms (measured by `ping`) and that breaks (I disconnect a router), Windows does a total of 5 retransmissions and then kills tells the application WSAECONNRESET or "Connection reset by peer" instead of "connection timed out. As seen by third party on the same 10BASE-T segment, the retransmissions are at 1.561 ms after the 1st transmission, then again 3.199 seconds later, after 6.400 seconds more, 12.800 sec, and finally after 25.595 sec. That last or fifth retransmisssion is a total of 49.552 seconds after the original transmission. 50 seconds is less than the values for R2 suggested in 4.2.3.5 of RFC 1122, although they do get more than the suggested 3 retransmissions. From what I've seen of the Internet in recent years, 50 second hiccups are very much other than uncommon. If what I've observed about Microsoft's WINSOCK2 is reasonable and if R. S. Arkesh Kumar or Martin Lorang are using Windows 98, this might be related to that problem. The WSAECONNRESET error bugs me as much as the short timeout, because it misleads me into thinking that the TCP peer got unhappy (e.g. terminated the connection) and sent an RST. Vernon Schryver vjs@rhyolite.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 16:25:15 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13414 for ; Thu, 21 Oct 1999 16:25:14 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA20319 for tcp-impl-outgoing; Thu, 21 Oct 1999 12:40:40 -0400 (EDT) Received: from frantic.bsdi.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA20290 for ; Thu, 21 Oct 1999 12:40:33 -0400 (EDT) Received: (from dab@localhost) by frantic.bsdi.com (8.9.0/8.9.0) id LAA02223; Thu, 21 Oct 1999 11:40:25 -0500 (CDT) Date: Thu, 21 Oct 1999 11:40:25 -0500 (CDT) From: David Borman Message-Id: <199910211640.LAA02223@frantic.bsdi.com> To: kostic@research.att.com, tcp-impl@grc.nasa.gov Subject: Re: Congestion window problem Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Zoran, > From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 10:56:03 1999 > Date: Thu, 21 Oct 1999 10:37:41 -0400 > From: Zoran Kostic > To: tcp-impl@grc.nasa.gov > Subject: Congestion window problem > > Is the following scenario a legitimate problem: No. > * Receive window is fully open > * Congestion window is 5 wide, all five segments (1,2,3,4,5) got > transmitted, > waiting for ACQs > * Segment 2 is being timed > * Channel is poor > * Timeout happens > * Congestion window collapses to 1 > * Segment 1 which is the first unacked segment gets transmitted > * Segment 1 is timed > * Segments1,2,3 get acqs but 4 and 5 are not ACQed > * Retransmit timer has stopped since 1 was acked This is the problem. The retransmit timer continues to run as long as there is outstanding, un-acked data, so getting segment 1 acked does not turn of the retransmit timer, since 4 and 5 are still outstanding. > * Congestion window became of size 2, but no new segments can be > accepted > into the window since 4 and 5 occupy the space in the window > * Channel is still poor, no Acqs are comming and Nothing is being timed > now so > the timeout can not occur -> therefore no segment will get > retransmitted, > the window can not grow .... we are stuck > > If this is not a problem, could you comment on where the error in > thinking is, > or which mechanism pulls us out of trouble. > > Zoran Kostic, AT&T -David Borman, dab@bsdi.com From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 16:35:29 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13680 for ; Thu, 21 Oct 1999 16:35:29 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id MAA21565 for tcp-impl-outgoing; Thu, 21 Oct 1999 12:50:59 -0400 (EDT) Received: from sabre.sjf.novell.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id MAA21560 for ; Thu, 21 Oct 1999 12:50:57 -0400 (EDT) Received: (from mahdavi@localhost) by sabre.sjf.novell.com (8.9.1/8.9.1) id JAA03351; Thu, 21 Oct 1999 09:50:54 -0700 Reply-To: mahdavi@novell.com To: Zoran Kostic Cc: tcp-impl@grc.nasa.gov Subject: Re: Congestion window problem References: <380F2535.A1858DF1@research.att.com> From: Jamshid Mahdavi Date: 21 Oct 1999 09:50:54 -0700 In-Reply-To: Zoran Kostic's message of "Thu, 21 Oct 1999 10:37:41 -0400" Message-ID: Lines: 39 X-Mailer: Gnus v5.5/Emacs 20.3 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Zoran Kostic writes: > Is the following scenario a legitimate problem: > > * Receive window is fully open > * Congestion window is 5 wide, all five segments (1,2,3,4,5) got > transmitted, > waiting for ACQs > * Segment 2 is being timed > * Channel is poor > * Timeout happens > * Congestion window collapses to 1 > * Segment 1 which is the first unacked segment gets transmitted > * Segment 1 is timed > * Segments1,2,3 get acqs but 4 and 5 are not ACQed > * Retransmit timer has stopped since 1 was acked > * Congestion window became of size 2, but no new segments can be > accepted > into the window since 4 and 5 occupy the space in the window > * Channel is still poor, no Acqs are comming and Nothing is being timed > now so > the timeout can not occur -> therefore no segment will get > retransmitted, > the window can not grow .... we are stuck > > If this is not a problem, could you comment on where the error in > thinking is, > or which mechanism pulls us out of trouble. I see two problems with this. First, the retiming of segment 1 would not occur in a real implementation, because Karn's algorithm says you can't time a segment which has been transmitted twice. The real problem is that the timeout clock is independent of the segment timing clock. The timeout clock should always be running, unless there is no unacknowledged data. This will result in a timeout independent of whether you successfully time segment 2 (or 1). --J From owner-tcp-impl@lerc.nasa.gov Thu Oct 21 20:10:52 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA16144 for ; Thu, 21 Oct 1999 20:10:51 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id QAA20890 for tcp-impl-outgoing; Thu, 21 Oct 1999 16:53:36 -0400 (EDT) Received: from bbcr.uwaterloo.ca (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id QAA20873 for ; Thu, 21 Oct 1999 16:53:33 -0400 (EDT) Received: from bbcr-pc1.uwaterloo.ca (bbcr-pc1.uwaterloo.ca [129.97.12.156]) by bbcr.uwaterloo.ca (8.8.8/8.8.8) with SMTP id QAA06914; Thu, 21 Oct 1999 16:53:30 -0400 (EDT) X-Authentication-Warning: bbcr.uwaterloo.ca: bbcr-pc1.uwaterloo.ca [129.97.12.156] didn't use HELO protocol Message-Id: <3.0.5.32.19991021165533.008ed7d0@bbcr.uwaterloo.ca> X-Sender: jpan@bbcr.uwaterloo.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 21 Oct 1999 16:55:33 -0400 To: Zoran Kostic , tcp-impl@grc.nasa.gov From: PAN Jianping Subject: Re: Congestion window problem In-Reply-To: <380F2535.A1858DF1@research.att.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk At 10:37 AM 10/21/99 -0400, Zoran Kostic wrote: > Is the following scenario a legitimate problem: > >* Receive window is fully open >* Congestion window is 5 wide, all five segments (1,2,3,4,5) got >transmitted, > waiting for ACQs >* Segment 2 is being timed >* Channel is poor >* Timeout happens after timeout, tcp goes slow-start >* Congestion window collapses to 1 >* Segment 1 which is the first unacked segment gets transmitted >* Segment 1 is timed >* Segments1,2,3 get acqs but 4 and 5 are not ACQed cwnd grows, segments go out, new timer armed >* Retransmit timer has stopped since 1 was acked >* Congestion window became of size 2, but no new segments can be >accepted cwnd depends on current ssthresh and number of acks > into the window since 4 and 5 occupy the space in the window >* Channel is still poor, no Acqs are comming and Nothing is being timed >now so > the timeout can not occur -> therefore no segment will get >retransmitted, tcp always has timer armed. ;-) > the window can not grow .... we are stuck > >If this is not a problem, could you comment on where the error in >thinking is, >or which mechanism pulls us out of trouble. i think you missed tcp's ack-clocking. > >Zoran Kostic, AT&T > > > > -------------------------------------------------------------------------- PAN Jianping jpan@bbcr.uwaterloo.ca ========================================================================== From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 02:20:41 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA02925 for ; Fri, 22 Oct 1999 02:20:40 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id XAA12655 for tcp-impl-outgoing; Thu, 21 Oct 1999 23:02:42 -0400 (EDT) Received: from tuvok.lerc.nasa.gov (ras122.lerc.nasa.gov [139.88.123.122]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id XAA12647; Thu, 21 Oct 1999 23:02:36 -0400 (EDT) Received: from tuvok.lerc.nasa.gov (localhost [127.0.0.1]) by tuvok.lerc.nasa.gov (8.8.5/8.8.5) with ESMTP id XAA01765; Thu, 21 Oct 1999 23:01:29 -0400 (EDT) Message-Id: <199910220301.XAA01765@tuvok.lerc.nasa.gov> Date: Thu, 21 Oct 1999 23:01:28 -0400 From: Mark Allman Subject: paper available: On the Effective Evaluation of TCP Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk ------- Blind-Carbon-Copy To: mallman@grc.nasa.gov Cc: "Aaron Falk" From: Mark Allman Reply-To: mallman@grc.nasa.gov Subject: paper available: On the Effective Evaluation of TCP Organization: Late Night Hackers, NASA Glenn, Cleveland, Ohio Song-of-the-Day: Walking in Memphis Date: Thu, 21 Oct 1999 23:01:28 -0400 Sender: mallman@tuvok.lerc.nasa.gov Just a quick announcement of the availability of a paper Aaron Falk and I put together on techniques researchers should use when investigating TCP and potential changes to TCP. We wrote this paper mainly for newcomers to TCP research and so it may be old news to some of you (since we have learned much from many folks on these lists), but the paper might serve as a good reminder. We hope this paper encourages folks to continue to examine and extend TCP in compelling ways. I appologize for the multiple copies of this you may receive. allman - --- Mark Allman, Aaron Falk. On the Effective Evaluation of TCP, ACM Computer Communication Review, 29(5), October 1999. Understanding the performance of the Internet's Transmission Control Protocol (TCP) is important because it is the dominant protocol used in the Internet today. Various testing methods exist to evaluate TCP performance, however all have pitfalls that need to be understood prior to obtaining useful results. Simulating TCP is difficult because of the wide range of variables, environments, and implementations available. Testing TCP modifications in the global Internet may not be the answer either: testing new protocols on real networks endangers other people's traffic and, if not done correctly, may also yield inaccurate or misleading results. In order for TCP research to be independently evaluated in the Internet research community there is a set of questions that researchers should try to answer. This paper attempts to list some of those questions and make recommendations as to how TCP testing can be structured to provide useful answers. http://roland.grc.nasa.gov/~mallman/papers/tcp-evaluation.ps http://roland.grc.nasa.gov/~mallman/papers/tcp-evaluation.pdf ------- End of Blind-Carbon-Copy From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 07:06:18 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06539 for ; Fri, 22 Oct 1999 07:06:17 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id DAA21298 for tcp-impl-outgoing; Fri, 22 Oct 1999 03:36:12 -0400 (EDT) Received: from maverick.ruksun.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id DAA21281 for ; Fri, 22 Oct 1999 03:35:43 -0400 (EDT) Received: from chipmunk (RUK165.ruksun.com [204.94.124.165]) by maverick.ruksun.com (8.9.3/8.9.3) with SMTP id NAA29612; Fri, 22 Oct 1999 13:09:05 +0530 Message-ID: <016d01bf1c62$4eadf7e0$a57c5ecc@ruksun.com> From: "Kaushik Sridharan" To: "R. S. Arkesh Kumar" , Cc: References: <19991020115622.7694.rocketmail@web115.yahoomail.com> Subject: Re: Why do large downloads fail ? Date: Fri, 22 Oct 1999 13:21:18 +0530 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit I wonder if it is simply an increased probability that the connection times-out. The communication infrastructure here in India isn't exactly the best in the world...yet! Kaushik -- Kaushik Sridharan Ruksun Software Technologies Pune, India http://www.ruksun.com ----- Original Message ----- > Hi > Why is it that we encounter problems of > connections breaking off when downloading large files. > > Thanks in advance, > Arkesh > > > ===== > R. S. Arkesh Kumar > Research Engineer, > Centre for Development of Telematics(C-DOT), > 71/1, Miller Road, > Bangalore-560 052, India. > Ph : 91-80-2263399 Ext:329 > Fax : 91-80-2263256 > __________________________________________________ > Do You Yahoo!? > Bid and sell for free at http://auctions.yahoo.com From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 15:57:57 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA04185 for ; Fri, 22 Oct 1999 15:57:57 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id LAA25944 for tcp-impl-outgoing; Fri, 22 Oct 1999 11:46:28 -0400 (EDT) Received: from ece1.ece.arizona.edu (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id LAA25929 for ; Fri, 22 Oct 1999 11:46:25 -0400 (EDT) Received: from barium.ece.arizona.edu (barium [128.196.29.241]) by ece1.ece.arizona.edu (8.9.3/8.9.3) with ESMTP id IAA14760; Fri, 22 Oct 1999 08:46:19 -0700 (MST) Received: from localhost (mani@localhost) by barium.ece.arizona.edu (8.9.1b+Sun/8.9.1) with SMTP id IAA11118; Fri, 22 Oct 1999 08:44:20 -0700 (MST) X-Authentication-Warning: barium.ece.arizona.edu: mani owned process doing -bs Date: Fri, 22 Oct 1999 08:44:20 -0700 (MST) From: Arivu Mani X-Sender: mani@barium Reply-To: Arivu Mani To: Kaushik Sridharan cc: "R. S. Arkesh Kumar" , end2end-interest@ISI.EDU, tcp-impl@grc.nasa.gov Subject: Re: Why do large downloads fail ? In-Reply-To: <016d01bf1c62$4eadf7e0$a57c5ecc@ruksun.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk I have experienced the same problem here while downloading with Windows NT. Start downloading a 3MB file using ftp.exe and it would time out. While the same file is easily downloaded with Solaris. -Mani. On Fri, 22 Oct 1999, Kaushik Sridharan wrote: *> I wonder if it is simply an increased probability that the connection *> times-out. The communication infrastructure here in India isn't *> exactly the best in the world...yet! *> *> Kaushik *> -- *> Kaushik Sridharan *> Ruksun Software Technologies *> Pune, India *> http://www.ruksun.com *> *> *> ----- Original Message ----- *> > Hi *> > Why is it that we encounter problems of *> > connections breaking off when downloading large files. *> > *> > Thanks in advance, *> > Arkesh *> > *> > *> > ===== *> > R. S. Arkesh Kumar *> > Research Engineer, *> > Centre for Development of Telematics(C-DOT), *> > 71/1, Miller Road, *> > Bangalore-560 052, India. *> > Ph : 91-80-2263399 Ext:329 *> > Fax : 91-80-2263256 *> > __________________________________________________ *> > Do You Yahoo!? *> > Bid and sell for free at http://auctions.yahoo.com *> *> *> ------------------------------------------------------------------ "Small opportunities are often the beginnings of great enterprises." -Demosthenes Arivu Mani Ramasamy, Graduate Student, ECE dept, The University of Arizona. (520) 903-9575 http://www.u.arizona.edu/~arivu From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 17:13:17 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA07439 for ; Fri, 22 Oct 1999 17:13:16 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA10013 for tcp-impl-outgoing; Fri, 22 Oct 1999 13:54:07 -0400 (EDT) Received: from calcite.rhyolite.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id NAA10007 for ; Fri, 22 Oct 1999 13:54:05 -0400 (EDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.9.3/calcite) id LAA22277 for tcp-impl@grc.nasa.gov env-from ; Fri, 22 Oct 1999 11:54:03 -0600 (MDT) Date: Fri, 22 Oct 1999 11:54:03 -0600 (MDT) From: Vernon Schryver Message-Id: <199910221754.LAA22277@calcite.rhyolite.com> To: tcp-impl@grc.nasa.gov Subject: Re: Why do large downloads fail ? Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk > From: Arivu Mani > I have experienced the same problem here while downloading with Windows > NT. Start downloading a 3MB file using ftp.exe and it would time out. > While the same file is easily downloaded with Solaris. > ... I've made additional measurements that say that with a 300 ms RTT instead of the ~500 ms I reported yesterday, Windows 98 will give up after less than 30 seconds. That's consistent with always giving up after 5 retransmissions, binary exponentially backed off with the first at 3 times the RTT. With the same path and at the same time, I found BSDI's BSD/OS 4.1 keeps trying for about 600 seconds or 10 minutes. If your connection happens to have a reasonable RTT of 50 or evey 100 ms instead of the very 300-500 ms. I'm testing at a pariticular site that uses modems, it seems likely that Windows would give up after only 5 or 10 seconds. It's easy to suffer a 5 or 10 second hiccup due to a routing flap or other bad thing, particularly between here and Microsoft.com. V.34, v.32bis, or v.32 modems seem to spend about 30 seconds "retraining" when they decide the phone line has change significantly. If you ask me always givin up after 5 retransmissions violates at least the spirit of RFC 1122 and is a Bad Idea(tm). What's worse, as far as I can tell, WINSOCK 2 has no provisions such as SO_RCVTIMEO. (There are explicit words in the WINSOCK 2 document saing SO_RCVTIMEO is unsuported.) In other words, it sounds like a Microsoft bug. Vernon Schryver vjs@rhyolite.com From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 17:35:32 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08676 for ; Fri, 22 Oct 1999 17:35:31 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA13952 for tcp-impl-outgoing; Fri, 22 Oct 1999 14:26:13 -0400 (EDT) Received: from yarilo.pluris.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA13944 for ; Fri, 22 Oct 1999 14:26:12 -0400 (EDT) Received: from monterey.pluris.com (monterey.pluris.com [172.16.50.17]) by yarilo.pluris.com (8.9.2/8.9.1) with ESMTP id LAA12295; Fri, 22 Oct 1999 11:22:29 -0700 (PDT) Received: by monterey.pluris.com with Internet Mail Service (5.5.2448.0) id ; Fri, 22 Oct 1999 11:22:25 -0700 Message-ID: <6342F12F9359D311990B009027A1B9B60BB31F@monterey.pluris.com> From: Rahul Kasralikar To: "'Kaushik Sridharan'" , "R. S. Arkesh Kumar" , end2end-interest@ISI.EDU Cc: tcp-impl@grc.nasa.gov Subject: RE: Why do large downloads fail ? Date: Fri, 22 Oct 1999 11:22:23 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk I'm not sure whether there exists such a relation betn. large-download- failure and communication-infrastructure-unreliability. IP works well even with unreliable media. Also, if the media is so bad, then even the small downloads (and other TCP apps) would fail.. Won't they? Rahul Kasralikar > -----Original Message----- > From: Kaushik Sridharan [mailto:kaushik@ruksun.com] > Sent: Friday, October 22, 1999 12:51 AM > To: R. S. Arkesh Kumar; end2end-interest@ISI.EDU > Cc: tcp-impl@grc.nasa.gov > Subject: Re: Why do large downloads fail ? > > > I wonder if it is simply an increased probability that the connection > times-out. The communication infrastructure here in India isn't > exactly the best in the world...yet! > > Kaushik > -- > Kaushik Sridharan > Ruksun Software Technologies > Pune, India > http://www.ruksun.com > > > ----- Original Message ----- > > Hi > > Why is it that we encounter problems of > > connections breaking off when downloading large files. > > > > Thanks in advance, > > Arkesh > > > > > > ===== > > R. S. Arkesh Kumar > > Research Engineer, > > Centre for Development of Telematics(C-DOT), > > 71/1, Miller Road, > > Bangalore-560 052, India. > > Ph : 91-80-2263399 Ext:329 > > Fax : 91-80-2263256 > > __________________________________________________ > > Do You Yahoo!? > > Bid and sell for free at http://auctions.yahoo.com > > From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 18:04:40 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA09999 for ; Fri, 22 Oct 1999 18:04:39 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA15846 for tcp-impl-outgoing; Fri, 22 Oct 1999 14:42:10 -0400 (EDT) Received: from aland.bbn.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id OAA15840 for ; Fri, 22 Oct 1999 14:42:08 -0400 (EDT) Received: from aland.bbn.com (localhost [127.0.0.1]) by aland.bbn.com (8.9.3/8.9.3) with ESMTP id LAA12783; Fri, 22 Oct 1999 11:41:00 -0700 (PDT) (envelope-from craig@aland.bbn.com) Message-Id: <199910221841.LAA12783@aland.bbn.com> To: Rahul Kasralikar cc: end2end-interest@ISI.EDU, tcp-impl@grc.nasa.gov Subject: Re: Why do large downloads fail ? In-reply-to: Your message of "Fri, 22 Oct 1999 11:22:23 PDT." <6342F12F9359D311990B009027A1B9B60BB31F@monterey.pluris.com> Date: Fri, 22 Oct 1999 11:41:00 -0700 From: Craig Partridge Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk In message <6342F12F9359D311990B009027A1B9B60BB31F@monterey.pluris.com>, Rahul Kasralikar writes: >I'm not sure whether there exists such a relation betn. large-download- >failure and communication-infrastructure-unreliability. IP works well >even with unreliable media. Also, if the media is so bad, then even the >small downloads (and other TCP apps) would fail.. Won't they? The probability of success is directly related to size of download. TCP retransmits a finite number of times, T. Assuming an error rate E, the chance of a transfer failing due to unreliable link is approximately (E**T)N, where N is the number of distinct datagrams to be transmitted. So for a 10% loss rate with 7 retransmissions, a 5MB sent as 512 byte datagrams has about a 0.1% chance of failing. Note that this assumes uncorrelated errors -- in fact they are correlated in most cases, so the odds of a failure given the initial transmission failed are higher. For instance, if the error rate is 10% on average transmission but 30% on retransmits, you get a 70% chance of failure. Craig (hoping he's done his quick calculations right:) From owner-tcp-impl@lerc.nasa.gov Fri Oct 22 19:48:15 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA12334 for ; Fri, 22 Oct 1999 19:48:15 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id QAA29833 for tcp-impl-outgoing; Fri, 22 Oct 1999 16:40:57 -0400 (EDT) Received: from mail.ocs.com.au (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id QAA29804 for ; Fri, 22 Oct 1999 16:40:44 -0400 (EDT) Received: (qmail 17458 invoked by uid 502); 22 Oct 1999 20:40:29 -0000 Message-ID: <19991022204029.17457.qmail@mail.ocs.com.au> Received: (qmail 17451 invoked from network); 22 Oct 1999 20:40:27 -0000 Received: from ocs4.ocs-net (192.168.255.4) by mail.ocs.com.au with SMTP; 22 Oct 1999 20:40:27 -0000 X-Mailer: exmh version 2.0.2 From: Keith Owens To: tcp-impl@grc.nasa.gov Subject: Re: Why do large downloads fail ? In-reply-to: Your message of "Fri, 22 Oct 1999 11:54:03 CST." <199910221754.LAA22277@calcite.rhyolite.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 23 Oct 1999 06:40:26 +1000 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk On Fri, 22 Oct 1999 11:54:03 -0600 (MDT), Vernon Schryver wrote: >If you ask me always givin up after 5 retransmissions violates at least >the spirit of RFC 1122 and is a Bad Idea(tm). What's worse, as far as I >can tell, WINSOCK 2 has no provisions such as SO_RCVTIMEO. (There are >explicit words in the WINSOCK 2 document saing SO_RCVTIMEO is unsuported.) > >In other words, it sounds like a Microsoft bug. There is a registry entry to increase the number of retries. Under Hkey_Local_Machine\System\CurrentControlSet\Services\VxD\MSTCP (not Parameters), add a new value. The value name is MaxDataRetries, it is a string value, set the value to something larger than 5, "64" has been tried and works. Increasing this value greatly reduces the likelihood of a session dying too soon. It may work for Windows NT, the Microsoft documentation is unclear. Be careful adding the registry entry. It must be a string value and you must type the value in without quotes, regedit will add the quotes. If you define the wrong type or include non-numeric characters in the value then regedit will accept it without complaint. TCP/IP will not complain either, it silently takes the value as 0 retries. The only way you can tell if the value was mistyped is when you lose one packet and the connection dies IMMEDIATELY. Windows is not exactly the world's most reliable software, and we use it for mission critical software - sigh. Getting a good value for MaxDataRetries is trial and error. You want a large value on fast links and a small value on slow links. As far as I can tell, the only way to pick up any change to MaxDataRetries is to reboot Windows. "Your mouse has moved, you need to reboot Windows". This message was brought to you by exmh, qmail and Linux 2.3.22 in a Microsoft free zone. From owner-tcp-impl@lerc.nasa.gov Sat Oct 23 04:26:00 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA29678 for ; Sat, 23 Oct 1999 04:26:00 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id AAA17735 for tcp-impl-outgoing; Sat, 23 Oct 1999 00:53:46 -0400 (EDT) Received: from daffy.ee.lbl.gov (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id AAA17729; Sat, 23 Oct 1999 00:53:44 -0400 (EDT) Received: (from vern@localhost) by daffy.ee.lbl.gov (8.9.2/8.9.2) id VAA14694; Fri, 22 Oct 1999 21:53:42 -0700 (PDT) Message-Id: <199910230453.VAA14694@daffy.ee.lbl.gov> To: end2end-interest@ISI.EDU, tcp-impl@grc.nasa.gov, pilc@grc.nasa.gov, diffserv@ietf.org Subject: announcement of TSVWG Cc: sob@harvard.edu Date: Fri, 22 Oct 1999 21:53:41 PDT From: Vern Paxson Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk The IESG has chartered a working group, TSVWG, which serves as a way to develop bite-sized transport issues that don't have a natural home in another existing working group, and aren't large enough to merit their own working group. The charter is appended, including mailing list info. There are currently three work items in the charter: - Updates to RFC 793 to resolve conflict between diffserv and TCP interpretation of IP Precedence (draft-xiao-tcp-prec-00.txt) - Additions to RFC 2018 to use TCP SACK for detecting unnecessary retransmissions (draft-floyd-sack-00.txt) - Alternative TCP fast recovery behavior based on rate-halving (draft-mathis-tcp-ratehalving-00.txt) We would like to begin discussion of these I-Ds on the TSVWG mailing list (**not** any of the mailing lists to which we are sending this note!) and will have a meeting in DC to develop them further. - Scott Bradner & Vern Paxson Transport Area Working Group (tsvwg) ------------------------------------- Current Status: Proposed Working Group Chair(s): Scott Bradner Vern Paxson Transport Area Director(s): Scott Bradner Vern Paxson Transport Area Advisors: Scott Bradner Vern Paxson Mailing Lists: General Discussion: tsvwg@ietf.org To Subscribe: tsvwg-request@ietf.org, subject or body "subscribe" or via http://www.ietf.org/mailman/listinfo/tsvwg Archive: see http://www.ietf.org/mailman/listinfo/tsvwg Description of Working Group: The Transport area receives occasional proposals for the development and publication of RFCs dealing with Transport topics, but for which the required work does not rise to the level where a new working group is justified, yet the topic does not fit with an existing working group, and a single BOF would not provide the time to ensure a mature proposal. The tsvwg will serve as the forum for developing these types of proposals. The tsvwg mailing list will be used to discuss the proposals as they arise. The working group will meet if there are one or more active proposals that require discussion. The working group milestones will be updated as needed to reflect the proposals currently being worked on and the target dates for their completion. New milestones will be first reviewed by the IESG. The working group will be on-going as long as the ADs believe it serves a useful purpose. Initial goals and Milestones: Jan 2000: Updates to RFC 793 to resolve conflict between diffserv and TCP interpretation of IP Precedence submitted for publication as Proposed Standard Jan 2000: Addition to RFC 2018 to use TCP SACK for detecting unnecessary retransmissions submitted for publication as Proposed Standard Jan 2000: Alternative TCP fast recovery behavior based on rate-halving ID submitted for publication as Experimental From owner-tcp-impl@lerc.nasa.gov Tue Oct 26 22:35:23 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA14761 for ; Tue, 26 Oct 1999 22:35:22 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA15949 for tcp-impl-outgoing; Tue, 26 Oct 1999 18:48:15 -0400 (EDT) Received: from csshome.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id SAA15942 for ; Tue, 26 Oct 1999 18:48:13 -0400 (EDT) From: Suraj_Nair@csshome.net Received: by csshome.net(Lotus SMTP MTA v4.6.2 (693.3 8-11-1998)) id 88256816.007DED2F ; Tue, 26 Oct 1999 15:55:27 -0700 X-Lotus-FromDomain: CSSWEB To: tcp-impl@grc.nasa.gov Message-ID: <88256816.007DEC49.00@csshome.net> Date: Tue, 26 Oct 1999 15:57:26 -0700 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk remove From owner-tcp-impl@lerc.nasa.gov Tue Oct 26 22:44:54 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA14771 for ; Tue, 26 Oct 1999 22:35:25 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA15938 for tcp-impl-outgoing; Tue, 26 Oct 1999 18:48:08 -0400 (EDT) Received: from csshome.net (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id SAA15934 for ; Tue, 26 Oct 1999 18:48:06 -0400 (EDT) From: Suraj_Nair@csshome.net Received: by csshome.net(Lotus SMTP MTA v4.6.2 (693.3 8-11-1998)) id 88256816.007DF160 ; Tue, 26 Oct 1999 15:55:37 -0700 X-Lotus-FromDomain: CSSWEB To: tcp-impl@grc.nasa.gov Message-ID: <88256816.007DF0A5.00@csshome.net> Date: Tue, 26 Oct 1999 15:57:37 -0700 Subject: remove Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk From owner-tcp-impl@lerc.nasa.gov Wed Oct 27 08:07:33 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA07202 for ; Wed, 27 Oct 1999 08:07:33 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id EAA08092 for tcp-impl-outgoing; Wed, 27 Oct 1999 04:51:27 -0400 (EDT) Received: from diplo.antw.online.be (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id EAA08088 for ; Wed, 27 Oct 1999 04:51:26 -0400 (EDT) Received: from mail_server (a01-094.antw.online.be [62.112.2.94]) by diplo.antw.online.be (8.9.3/8.9.0) with SMTP id KAA14426 for ; Wed, 27 Oct 1999 10:51:24 +0200 (MET DST) Message-ID: <002b01bf2058$41fd6680$6400a8c1@mail_server.mortier.be> From: "Mortier N.V." To: Subject: remove Date: Wed, 27 Oct 1999 10:49:47 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0014_01BF2068.FC88E1E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_0014_01BF2068.FC88E1E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable remove ------=_NextPart_000_0014_01BF2068.FC88E1E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
remove
------=_NextPart_000_0014_01BF2068.FC88E1E0-- From owner-tcp-impl@lerc.nasa.gov Wed Oct 27 13:55:54 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26721 for ; Wed, 27 Oct 1999 13:55:54 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id KAA03687 for tcp-impl-outgoing; Wed, 27 Oct 1999 10:35:14 -0400 (EDT) Received: from atzh4.gordon.army.mil (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id KAA03665 for ; Wed, 27 Oct 1999 10:35:07 -0400 (EDT) Received: by atzh4.gordon.army.mil with Internet Mail Service (5.5.2650.21) id ; Wed, 27 Oct 1999 10:34:44 -0400 Message-ID: <70E1841C1F5BD211B3EB0000BC115952E40AB1@atzh3.gordon.army.mil> From: "Schmidt, Shawn G. SSG" To: tcp-impl@grc.nasa.gov Subject: remove Date: Wed, 27 Oct 1999 10:34:43 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk remove From owner-tcp-impl@lerc.nasa.gov Wed Oct 27 21:02:20 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21694 for ; Wed, 27 Oct 1999 21:02:19 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id SAA29299 for tcp-impl-outgoing; Wed, 27 Oct 1999 18:13:07 -0400 (EDT) Received: from blaze-net.com (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id SAA29293 for ; Wed, 27 Oct 1999 18:13:06 -0400 (EDT) Received: from TopLayer.com by blaze-net.com (SMI-8.6/SMI-SVR4) id SAA03898; Wed, 27 Oct 1999 18:12:44 -0400 Message-ID: <381778DC.D54E7C2C@TopLayer.com> Date: Wed, 27 Oct 1999 18:12:44 -0400 From: Frank Solensky Organization: Top Layer Networks X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.5-15 i686) X-Accept-Language: en MIME-Version: 1.0 To: tcp-impl@grc.nasa.gov Subject: [Fwd: Welcome to tcp-impl] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit Majordomo@lerc.nasa.gov wrote: > > -- > > Welcome to the tcp-impl mailing list! > > Please save this message for future reference. Thank you. > > If you ever want to remove yourself from this mailing list, > you can send mail to with the following > command in the body of your email message: > > unsubscribe tcp-impl > > or from another account, besides ==your current email address==: > > unsubscribe tcp-impl ==your old email address== > > If you ever need to get in contact with the owner of the list, > (if you have trouble unsubscribing, or have questions about the > list itself) send email to . > This is the general rule for most mailing lists when you need > to contact a human. > > Here's the general information for the list you've subscribed to, > in case you don't already have it: > > IETF TCP Implementation WG mailing list. From owner-tcp-impl@lerc.nasa.gov Wed Oct 27 23:46:42 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA27511 for ; Wed, 27 Oct 1999 23:46:42 -0400 (EDT) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id VAA08791 for tcp-impl-outgoing; Wed, 27 Oct 1999 21:12:15 -0400 (EDT) Received: from centrin.net.id (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id VAA08787 for ; Wed, 27 Oct 1999 21:12:11 -0400 (EDT) Received: from service (DialupJkt240-239.centrin.net.id [202.146.240.239]) by centrin.net.id (8.9.3/8.9.3) with SMTP id IAA32036 for ; Thu, 28 Oct 1999 08:11:51 +0700 Message-Id: <4.0.2.19991027142648.008f9d20@mail.centrin.net.id> X-Sender: rully_ps@mail.centrin.net.id X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.2 Date: Thu, 28 Oct 1999 08:17:47 +0700 To: tcp-impl@grc.nasa.gov From: Rully-Daryl Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk remove From owner-tcp-impl@lerc.nasa.gov Sun Oct 31 16:34:46 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA24257 for ; Sun, 31 Oct 1999 16:34:41 -0500 (EST) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id OAA21755 for tcp-impl-outgoing; Sun, 31 Oct 1999 14:14:39 -0500 (EST) Received: from maile.surrey.ac.uk (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id OAA21746 for ; Sun, 31 Oct 1999 14:14:35 -0500 (EST) Received: from petra.ee.surrey.ac.uk by maile.surrey.ac.uk with SMTP (PP); Sun, 31 Oct 1999 19:13:40 +0000 Date: Sun, 31 Oct 1999 19:14:09 +0000 (GMT) From: Lloyd Wood X-Sender: eep1lw@petra.ee.surrey.ac.uk Reply-To: Lloyd Wood To: =?iso-8859-1?Q?Rog=E9rio?= de Carvalho Andrade cc: qos-l@di.ufpe.br, diffserv@ietf.org, tcp-impl@lerc.nasa.gov Subject: Re: [Diffserv] Looking for a paper. In-Reply-To: <381C9084.64B387DA@di.ufpe.br> Message-ID: Organization: speaking for none X-url: http://www.ee.surrey.ac.uk/Personal/L.Wood/ X-no-archive: yes MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by lombok-fi.lerc.nasa.gov id OAA21751 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 8bit On Sun, 31 Oct 1999, Rogério de Carvalho Andrade wrote: > Dear Sirs, > > Does someone can tell me where could I find the paper below, cited by > Yeom & Reddy in their work "Modeling TCP Behavior in a Diff. Services Network", > section "2.3- Two-window TCP"? > > W. Feng, Dilip D. Kandlur, D. Saha and Kang G. Shin, "Adaptative Packet Marking > for Providing Differentiated Services in the Internet". Proc. of Int. Conf. on > Network Protocols, Oct. 1998. http://www.eecs.umich.edu/~wuchang/ > Anything else related with "TCP + Diffserv" is welcome, too! http://www.av.com/?text=yes&q=TCP+Diffserv&pg=aq http://www.google.com/search?q=TCP+Diffserv http://www.aciri.org/floyd/tcp_diff.html (links to papers direct instead of authors' own pages; examining URLs is profitable.) L. You may know how to crosspost, but I know how to use a search engine. PGP From owner-tcp-impl@lerc.nasa.gov Sun Oct 31 16:35:03 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA24313 for ; Sun, 31 Oct 1999 16:35:02 -0500 (EST) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id NAA21304 for tcp-impl-outgoing; Sun, 31 Oct 1999 13:53:30 -0500 (EST) Received: from nt1.novaera.com.br (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with SMTP id NAA21300 for ; Sun, 31 Oct 1999 13:53:22 -0500 (EST) Received: from dial50.novaera.com.br (dial50.novaera.com.br [200.249.200.50]) by nt1.novaera.com.br (NTMail 3.03.0017/1.adcr) with ESMTP id qa336144 for ; Sun, 31 Oct 1999 16:58:22 -0200 Message-ID: <381C9084.64B387DA@di.ufpe.br> Date: Sun, 31 Oct 1999 16:55:00 -0200 From: =?iso-8859-1?Q?Rog=E9rio?= de Carvalho Andrade Organization: Embrapa - Sede (http://www.embrapa.br) / UFPE - DI (http://www.di.ufpe.br) X-Mailer: Mozilla 4.5 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: qos-l@di.ufpe.br, diffserv@ietf.org, tcp-impl@lerc.nasa.gov Subject: Looking for a paper. Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 7bit Dear Sirs, Does someone can tell me where could I find the paper below, cited by Yeom & Reddy in their work "Modeling TCP Behavior in a Diff. Services Network", section "2.3- Two-window TCP"? W. Feng, Dilip D. Kandlur, D. Saha and Kang G. Shin, "Adaptative Packet Marking for Providing Differentiated Services in the Internet". Proc. of Int. Conf. on Network Protocols, Oct. 1998. Anything else related with "TCP + Diffserv" is welcome, too! TIA, Rogerio -- Rogerio de Carvalho Andrade Analista de Suporte - Embrapa - DIN mailto:Rogerio.Andrade@Embrapa.br Mestrando em Ciencia da Computacao - UFPE - DI mailto:Rogerio@di.ufpe.br From owner-tcp-impl@lerc.nasa.gov Sun Oct 31 17:40:33 1999 Received: from lombok-fi.lerc.nasa.gov (lombok-fi.lerc.nasa.gov [139.88.112.33]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA06809 for ; Sun, 31 Oct 1999 17:40:32 -0500 (EST) Received: (from listserv@localhost) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) id PAA23100 for tcp-impl-outgoing; Sun, 31 Oct 1999 15:30:17 -0500 (EST) Received: from recife.di.ufpe.br (fw01.lerc.nasa.gov [139.88.145.14]) by lombok-fi.lerc.nasa.gov (NASA LeRC 8.9.1.1/8.9.1) with ESMTP id PAA23096 for ; Sun, 31 Oct 1999 15:30:15 -0500 (EST) Received: from paulista (paulista [150.161.2.50]) by recife.di.ufpe.br (8.9.3/8.9.3) with SMTP id SAA11804; Sun, 31 Oct 1999 18:29:18 -0200 (EDT) Date: Sun, 31 Oct 1999 18:29:18 -0200 (EDT) From: =?ISO-8859-1?Q?Rog=E9rio_de_Carvalho_Andrade?= X-Sender: rca3@paulista To: Lloyd Wood cc: =?iso-8859-1?Q?Rog=E9rio?= de Carvalho Andrade , qos-l@di.ufpe.br, diffserv@ietf.org, tcp-impl@lerc.nasa.gov Subject: Re: [Diffserv] Looking for a paper. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by lombok-fi.lerc.nasa.gov id PAA23097 Sender: owner-tcp-impl@lerc.nasa.gov Precedence: bulk Content-Transfer-Encoding: 8bit Thanks a lot, Lloyd! Mostly for indicating a useful web-engine (google) which could help me today, instead of a bunch others that I've tried ! (Data are cheap! Information: it's precious!) Rogerio Rogerio de Carvalho Andrade Analista de Suporte - Embrapa - DIN mailto:Rogerio.Andrade@Embrapa.br Mestrando em Ciência da Computacao - UFPE - DI mailto:Rogerio@di.ufpe.br On Sun, 31 Oct 1999, Lloyd Wood wrote: > On Sun, 31 Oct 1999, Rogério de Carvalho Andrade wrote: > > > Dear Sirs, > > > > Does someone can tell me where could I find the paper below, cited by > > Yeom & Reddy in their work "Modeling TCP Behavior in a Diff. Services Network", > > section "2.3- Two-window TCP"? > > > > W. Feng, Dilip D. Kandlur, D. Saha and Kang G. Shin, "Adaptative Packet Marking > > for Providing Differentiated Services in the Internet". Proc. of Int. Conf. on > > Network Protocols, Oct. 1998. > > http://www.eecs.umich.edu/~wuchang/ > > > Anything else related with "TCP + Diffserv" is welcome, too! > > http://www.av.com/?text=yes&q=TCP+Diffserv&pg=aq > http://www.google.com/search?q=TCP+Diffserv > http://www.aciri.org/floyd/tcp_diff.html (links to papers direct > instead of authors' own pages; examining URLs is profitable.) > > L. > > You may know how to crosspost, but I know how to use a search engine. > > PGP > >