Implementing SYN Cache in FreeBSD to Resist SYN Flood DoS Attacks

Verified

Added on 2021/08/30

AI Summary
This report delves into the intricacies of SYN flood Denial of Service (DoS) attacks and the mechanisms employed by FreeBSD to mitigate them. It begins by outlining the fundamental principles of TCP communication and the 3-way handshake, illustrating how malicious actors exploit the process to overwhelm server resources with a barrage of connection requests (SYN packets). The paper then explores various defense strategies, with a particular focus on SYN caches and SYN cookies. It analyzes the advantages and disadvantages of each approach, including the allocation of minimal state versus encoding state in cryptographic secrets. The experimental setup used to test the performance of SYN cache is described, including the hardware and software configurations. The report presents performance measurements and evaluates the effectiveness of the SYN cache implementation in FreeBSD, comparing it with SYN cookies. The analysis covers the impact of SYN flooding on server responsiveness and resource utilization. The report also discusses related work in the field and concludes by summarizing the findings and highlighting the significance of the FreeBSD SYN cache in defending against DoS attacks.