On Mar 15, 2012, at 12:49 PM, Seyit Özgür wrote: > Today we tried to see what happens Malformed syn packets on FreeBSD 9.0 > release.. > > Those packets rise to CPU %100 and stucks.. > > listening on ix0, link-type EN10MB (Ethernet), capture size 65535 bytes > 18:33:30.010215 IP vgn44-1-88-123-89-40.fbx.proxad.net > 85.xxx.xxx.90: tcp > 18:33:30.010242 IP 225.74.196.88.sta.estpak.ee > 85.xxx.xxx.90: tcp > 18:33:30.010269 IP Nnov-Prospekt.71.quantum.rn > 85.xxx.xxx.90: tcp > 18:33:30.010296 IP host52-108-static.49-88-b.business.telecomitalia.it > > 85.xxx.xxx.90: tcp > 18:33:30.010325 IP 125.Red-88-1-75.dynamicIP.rima-tde.net > 85.xxx.xxx.90: tcp > > i dont know which tool generate those packets.. but as we see i dont see seq, > flag, lenth etc.. just this ouput on tcpdump... > > Is there any kernel feature for do NOT process malformed syn packets ??
A firewall can block them before the system will see and try to process them as incoming traffic. Also, running tcpdump with -X will give both hex and ASCII rendition of the packets, which would be helpful to identify what you mean by "malformed". Regards, -- -Chuck _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
