syncache.4 (88cd456676a3da110688de14c650927b1f9a6f49) syncache.4 (4548510be1249b1886945d1ce09cde681b7f94b4)
1.\"
2.\" syncache - TCP SYN caching to handle SYN flood DoS.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 81 unchanged lines hidden (view full) ---

90.Nm Syncookies
91have a certain number of disadvantages that a paranoid
92administrator may wish to take note of.
93Since the TCP options from the initial SYN are not saved, they are not
94applied to the connection, precluding use of features like window scale,
95timestamps, or exact MSS sizing.
96As the returning ACK establishes the connection, it may be possible for
97an attacker to ACK flood a machine in an attempt to create a connection.
1.\"
2.\" syncache - TCP SYN caching to handle SYN flood DoS.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 81 unchanged lines hidden (view full) ---

90.Nm Syncookies
91have a certain number of disadvantages that a paranoid
92administrator may wish to take note of.
93Since the TCP options from the initial SYN are not saved, they are not
94applied to the connection, precluding use of features like window scale,
95timestamps, or exact MSS sizing.
96As the returning ACK establishes the connection, it may be possible for
97an attacker to ACK flood a machine in an attempt to create a connection.
98While steps have been taken to militate this risk, this may provide a way
98While steps have been taken to mitigate this risk, this may provide a way
99to bypass firewalls which filter incoming segments with the SYN bit set.
100.Pp
101The
102.Nm
103implements a number of variables in
104the
105.Va net.inet.tcp.syncache
106branch of the

--- 99 unchanged lines hidden ---
99to bypass firewalls which filter incoming segments with the SYN bit set.
100.Pp
101The
102.Nm
103implements a number of variables in
104the
105.Va net.inet.tcp.syncache
106branch of the
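Review bot: the corrected sentence at line 98 still says only that "steps have been taken to mitigate this risk" without saying what those steps are, so an administrator whose firewall filters incoming segments on the SYN bit cannot judge how much of the bypass described at lines 96-99 remains. Suggest naming the mitigation in this paragraph, or pointing to the part of the page that describes it if one exists. The word change itself is correct: "militate" means to weigh against something, while "mitigate" means to lessen it, which is what the sentence intends.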

--- 99 unchanged lines hidden ---