
Re: Separate queues for pending and established connections.

Hi Vinay,

Separation of the two queues does have security implications. This
SYN flooding occurred in 1996 by the great hackers (refer UNP p. no. 99).
Actually, in your server program, to the listen system call you will be
mentioning a value as the second argument, called the backlog. This value
for BSD implementations will generally be 5. This number is an
addition of members from the established and pending queues. So when a
hacker tries to flood with SYNs, he will fill the entries of the
queues so that any valid SYN from clients will be denied by the
kernel. Hence the kernel keeps a queue of the connection-established
SYNs, because:

Take a condition that the hacker's SYN first got served, meaning it will
be in the pending queue. If no IP like that is there, after
timeout it is removed from the queue. Meanwhile, if valid clients send their
SYNs and get connected to the server, the server maintains the number
of connected in a queue (established) and provides a limit to the
number. So invalid hackers will be rejected when they try to flood
when a connection prevails up to the limit, irrespective of a valid
IP or a hacker request through SYN.
So there is no need for increasing the size of the queue to handle all the
requests from clients, which may also be spam. So, providing a limit
with the connection-established queue as a limitation, the kernel doesn't
need to care about the number of requests from the clients occupying
the queue. I don't know if I have made it clear to you, but I am also new. Check
out UNP and the page number mentioned; it may be useful for you.
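
A defender-side check for the two queues the reply describes, added here as an example that is not part of the thread: on Linux, `ss -ltn` reports a LISTEN socket's accept-queue occupancy (Recv-Q) against its backlog limit (Send-Q), and `nstat` exposes counters that increment when the accept (established) queue or the SYN (pending) queue is full. Both sample outputs below are constructed, not captured from a real host.

```python
from typing import Dict, List, Tuple

# Constructed sample of `ss -ltn` output: Recv-Q is the number of fully
# established connections waiting in the accept queue, Send-Q the backlog.
SS_LTN_SAMPLE = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  5       5              0.0.0.0:8080        0.0.0.0:*
LISTEN  3       4096              [::]:443            [::]:*
"""

# Constructed sample of `nstat -az` output (counter name, value, rate).
NSTAT_SAMPLE = """\
#kernel
TcpExtListenOverflows           17                 0.0
TcpExtListenDrops               17                 0.0
TcpExtTCPReqQFullDoCookies      0                  0.0
TcpExtTCPReqQFullDrop           0                  0.0
"""

def parse_ss_listen(text: str) -> List[Tuple[str, int, int]]:
    """Return (local address, accept-queue length, backlog limit) per LISTEN socket."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 5 or f[0] != "LISTEN":
            continue
        rows.append((f[3], int(f[1]), int(f[2])))
    return rows

def saturated_listeners(text: str, ratio: float = 0.8) -> List[str]:
    """Listeners whose established (accept) queue is at or above `ratio` of backlog."""
    return [addr for addr, used, limit in parse_ss_listen(text)
            if limit > 0 and used / limit >= ratio]

def parse_nstat(text: str) -> Dict[str, int]:
    """Map counter name -> value, skipping the '#kernel' comment line."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and not f[0].startswith("#") and f[1].isdigit():
            counters[f[0]] = int(f[1])
    return counters

def queue_pressure_events(text: str) -> Dict[str, int]:
    """Non-zero counters: ListenOverflows/ListenDrops mean the accept queue
    was full; TCPReqQFull* mean the SYN (pending) queue was full."""
    watch = ("TcpExtListenOverflows", "TcpExtListenDrops",
             "TcpExtTCPReqQFullDoCookies", "TcpExtTCPReqQFullDrop")
    c = parse_nstat(text)
    return {k: c[k] for k in watch if c.get(k, 0) > 0}
```

Run the two checks against live `ss -ltn` and `nstat -az` output on a busy server to see which of the two queues is actually under pressure before resizing either one.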



----- Original Message -----
From: Vinay A. Mahadik
To: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
Sent: Thursday, November 30, 2000 12:25 PM
Subject: [LIP] Separate queues for pending and established


Hi list,

I was doing a quick study on what/which OS-level defenses have evolved
since 1996 against SYN flood. I was wondering whether the two separate
queues implemented in Linux/Solaris/*BSD et al. for pending and
established connections have something to do with SYN flood defense.
Popular books tend to imply that, but I failed to see how that helps.

Any explanations? Google surprisingly wasn't very helpful.

Thanks and bye,
