>> it is one problem that SYN flooding demonstates. read stevens vol 3
>> chapter 14 sections on SYN_RCVD bug.
>> one structure member is used to hold two different timers.
>> a ~75 second connection establishment timer and the ~2 hour keepalive
>> timer. one can create a number of half-open sockets (in SYN_RCVD state)
>> on a server. each socket will remain open until either the keepalive
>> timer expires or the retry count is exceeded (~11 minutes).
>> enough SYN flooding can use all of the servers resources by
>> creating these half-open sockets. this depletes memory and other resources.
>> the 'accept' queue may remain virtually empty (0 or 1 waiting) thoughout
>> the exercise.
>Personally, I'm thinking that the stack should know how many slots are
>left, and at threshold, drop FIN_* state sockets, then SYN_RECEIVED's
>based on FIFO or something. Not perfect, but it'd help.
i dont know what a "slot" is.
tcp control blocks and protocol control blocks should be
dynamically allocated by the kernel. there is no effective limit (ignoring)
memory and vm) to the number of half-open sessions that can be established.
for each ip address, there are 60,000+ ports. you can pretend to be
any number of ip addresses. each one can establish a *unique* half-open
connection (src-host, src-port, dest-host, dest-port).
Jonathan M. Bresler 202-452-2831 breslerj @
MS-169 Federal Reserve Board of Governors Washington DC 20551
Speaking for myself. Others speak for the Federal Reserve Board of Governors