Not many packets dropping might be ok. In fact, I'd expect it (and
only would worry if most of the flood came back with ACKs).
SYN floods try to starve your memory resources by keeping TCP
connections half open and waiting for the timeout to sweep them out. But
SYN cookies prevent that. So as long as memory allocation doesn't
skyrocket when you don't see packet drops, that's a-ok.
Andrew
On Jun 27, 2017, at 3:19 PM, lleachii--- via 44Net <44net(a)hamradio.ucsd.edu> wrote:
Andrew,
Yes, I noticed that my device is actually blocking the traffic by implementing SYN
Cookies and SYN Flood firewall rules. It was logged by the system, but no SYN_Floods made
it through.
Further inspecting the firewall, only 5 packets in over 20,000 were dropped. Perhaps the
SYN Flood setting is too sensitive for a series of multiple DNS queries at the same time.
The "block SYN Flood" setting is pre-built by LEDE, so I'll have to review
the rules as they pertain to behavior with TCP DNS queries.
- KB3VWG
So not sure if your concern is primarily about the SYN flood or
something else, but the system tuning in SYN cookies is a great thing.
Essentially it's a challenge-response for the users to do the heavy
lifting before the host goes through the motions to set up a TCP flow
and consume resources. Essentially this limits the 3WS to completing
only for valid connections.
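The challenge-response Andrew describes, as an added worked example that is not part of this thread and not LEDE's or the Linux kernel's code: the server folds everything it would otherwise have to remember about a half-open connection (a coarse timestamp, the client's MSS, a keyed hash of the 4-tuple) into the 32-bit ISN it sends in the SYN-ACK, and only reconstructs and verifies that state when the third packet of the handshake arrives. The cookie layout mirrors the Linux scheme (8-bit count on top, MSS index plus keyed hash in the low 24 bits); the secret, MSS table, freshness window, the 44.0.0.x addresses and the toy Listener/flood driver are assumptions of this example. The flood driver shows the point of the thread: with cookies off, a few thousand spoofed SYNs that never ACK fill the backlog and a real client's SYN is dropped; with cookies on, nothing is stored and the real client still completes.

```python
"""SYN cookies as a stateless challenge-response (added example).

Cookie layout follows the Linux scheme; SECRET, MSS_TABLE, MAX_AGE,
the addresses and the toy Listener below are this example's own.
"""
import hashlib
import hmac
import os
import struct

COOKIEBITS = 24
COOKIEMASK = (1 << COOKIEBITS) - 1
MSS_TABLE = (536, 1300, 1440, 1460)  # client MSS survives only as a 2-bit index
MAX_AGE = 2                          # cookie accepted for fewer than 2 ticks of 64 s
SECRET = os.urandom(32)              # per-boot secret (assumption: regenerated on restart)
U32 = 0xFFFFFFFF


def _hash(four, count, c):
    """Keyed hash over the 4-tuple; stands in for the kernel's siphash."""
    saddr, daddr, sport, dport = four
    msg = struct.pack("!4s4sHHII", saddr, daddr, sport, dport, count, c)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def cookie_time(now):
    return int(now) >> 6  # 64-second granularity


def make_cookie(four, client_isn, mss, now):
    """Server ISN for the SYN-ACK: all handshake state folded into 32 bits."""
    count = cookie_time(now)
    data = max((i for i, v in enumerate(MSS_TABLE) if v <= mss), default=0)
    low = (_hash(four, count, 1) + data) & COOKIEMASK
    return (_hash(four, 0, 0) + client_isn + (count << COOKIEBITS) + low) & U32


def check_cookie(four, client_isn, cookie, now):
    """Return the MSS encoded in a valid, fresh cookie, else None."""
    cookie = (cookie - _hash(four, 0, 0) - client_isn) & U32
    diff = (cookie_time(now) - (cookie >> COOKIEBITS)) & 0xFF
    if diff >= MAX_AGE:
        return None  # stale, or a forged count field
    data = (cookie - _hash(four, cookie_time(now) - diff, 1)) & COOKIEMASK
    return MSS_TABLE[data] if data < len(MSS_TABLE) else None


class Listener:
    """Toy listening socket; without cookies every SYN costs a backlog slot."""

    def __init__(self, addr, port, syncookies, backlog=128):
        self.addr, self.port, self.syncookies, self.backlog = addr, port, syncookies, backlog
        self.half_open = {}      # (client, cport) -> server ISN; only used without cookies
        self.established = set()
        self.dropped = 0

    def on_syn(self, client, cport, client_isn, mss, now):
        four = (client, self.addr, cport, self.port)
        if self.syncookies:
            return make_cookie(four, client_isn, mss, now)  # nothing stored at all
        if len(self.half_open) >= self.backlog:
            self.dropped += 1                                # queue full: SYN dropped
            return None
        server_isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(client, cport)] = server_isn
        return server_isn

    def on_ack(self, client, cport, seq, ack, now):
        """Third packet of the handshake: seq = client_isn+1, ack = server_isn+1."""
        four = (client, self.addr, cport, self.port)
        if self.syncookies:
            ok = check_cookie(four, (seq - 1) & U32, (ack - 1) & U32, now) is not None
        else:
            ok = self.half_open.pop((client, cport), None) == ((ack - 1) & U32)
        if ok:
            self.established.add((client, cport))
        return ok


def flood_then_connect(syncookies, n_bogus=5000, now=1_000_000):
    """Spoofed SYNs that never ACK, then one real client 3 s later (constructed)."""
    srv = Listener(b"\x2c\x00\x00\x01", 53, syncookies)  # 44.0.0.1:53, constructed
    for i in range(n_bogus):
        srv.on_syn(struct.pack("!I", 0x0A000000 + i), 40000 + i % 20000, i, 1460, now)
    client, cport, isn = b"\x2c\x00\x00\x02", 51000, 123456
    sisn = srv.on_syn(client, cport, isn, 1460, now + 3)
    ok = sisn is not None and srv.on_ack(client, cport, isn + 1, (sisn + 1) & U32, now + 3)
    return {"half_open": len(srv.half_open), "dropped": srv.dropped, "legit_connected": ok}


if __name__ == "__main__":
    print("cookies off:", flood_then_connect(False))
    print("cookies on: ", flood_then_connect(True))
```

Two caveats the toy makes visible. First, the cookie only covers the three-way handshake: it defends against SYNs that are never acknowledged, which is why a flood that mostly does come back with valid ACKs is a different resource problem (real connections, real sockets). Second, what survives in the cookie is coarse (a 2-bit MSS index, no window scale or SACK unless TCP timestamps carry them), so on Linux the default `net.ipv4.tcp_syncookies=1` only switches to cookies once the SYN backlog overflows, logging "Possible SYN flooding on port N. Sending cookies." at that point; `sysctl net.ipv4.tcp_syncookies net.ipv4.tcp_max_syn_backlog` shows the current setting.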
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net