Date:      Mon, 16 Aug 1999 18:33:51 -0700 (PDT)
From:      Archie Cobbs <archie@whistle.com>
To:        geoffr@is.co.za (Geoff Rehmet)
Cc:        current@FreeBSD.ORG ('current@freebsd.org')
Subject:   Re: Dropping connections without RST
Message-ID:  <199908170133.SAA25256@bubba.whistle.com>
In-Reply-To: <E3453EC6C52ED3118E7E0090275CD47CFFAF94@isjhbex.is.co.za> from Geoff Rehmet at "Aug 16, 1999 10:26:00 am"

Geoff Rehmet writes:
> After the discussions regarding the "log_in_vain"
> sysctls, I was thinking about a feature I would
> like to implement:
> 
> Instead of sending a RST (for TCP) or Port Unreachable
> (for UDP) where the box is not listening on a socket,
> I would like to implement a sysctl, which disables the
> sending of the RST or the Port unreachable.  This is 
> basically for public servers (like DNS servers), which
> I want to turn into black holes on ports where they
> are not listening.  (This confuses things if someone
> strobes the machines, and also makes life a little
> more difficult for anyone who tries to portscan them.)
> 
> In default configuration, everything would behave as per
> normal, and you would have to set a sysctl MIB before the
> behaviour that I have described is displayed.
> 
> Can anyone think of any reason why this feature should
> not be implemented?

I like that idea... net.inet.{tcp,udp}.drop_in_vain ?

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
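The behaviour Geoff proposes, and the sysctl names Archie floats in reply, can be modelled in a few lines. The following is an added example, not code from this thread or from the FreeBSD kernel: it is a toy stack that decides what goes back on the wire when a packet arrives for a port nobody is listening on, and what a port prober consequently sees. The sysctl names `net.inet.tcp.drop_in_vain` and `net.inet.udp.drop_in_vain` are taken from Archie's suggestion and are assumptions; the listener sets and probe ports are constructed sample data.

```python
"""Model of the "drop in vain" proposal from the freebsd-current thread.

Constructed example: a toy host that answers (or does not answer) packets
aimed at ports with no listening socket, depending on a per-protocol sysctl.
Not FreeBSD code; the sysctl names are the ones floated in the thread.
"""
from dataclasses import dataclass, field


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    syn: bool = False   # only meaningful for TCP (a connection attempt)


@dataclass
class Host:
    tcp_listeners: set = field(default_factory=set)
    udp_listeners: set = field(default_factory=set)
    # Hypothetical sysctls from the thread; 0 = stock behaviour, 1 = black hole.
    sysctl: dict = field(default_factory=lambda: {
        "net.inet.tcp.drop_in_vain": 0,
        "net.inet.udp.drop_in_vain": 0,
    })

    def respond(self, pkt: Packet) -> str:
        """Return what the stack emits for pkt.

        'deliver'               -> a socket is listening, hand the packet up
        'RST'                   -> TCP: no listener, stock behaviour
        'ICMP port unreachable' -> UDP: no listener, stock behaviour
        'drop'                  -> no listener and drop_in_vain set: silence
        """
        if pkt.proto == "tcp":
            if pkt.dport in self.tcp_listeners:
                return "deliver"
            if self.sysctl["net.inet.tcp.drop_in_vain"]:
                return "drop"
            return "RST"
        if pkt.proto == "udp":
            if pkt.dport in self.udp_listeners:
                return "deliver"
            if self.sysctl["net.inet.udp.drop_in_vain"]:
                return "drop"
            return "ICMP port unreachable"
        raise ValueError(f"unknown protocol {pkt.proto!r}")


def scanner_view(host: Host, proto: str, ports) -> dict:
    """What a probe of each port observes, in the usual scanner vocabulary.

    A silent UDP listener is indistinguishable from a dropped packet, hence
    'open|filtered'; a black-holed closed port looks like a firewall drop.
    """
    view = {}
    for port in ports:
        reply = host.respond(Packet(proto, port, syn=(proto == "tcp")))
        if reply == "deliver":
            view[port] = "open" if proto == "tcp" else "open|filtered"
        elif reply == "drop":
            view[port] = "filtered"
        else:
            view[port] = "closed"
    return view


if __name__ == "__main__":
    # Constructed sample: a DNS server listening on 53/tcp and 53/udp only.
    host = Host(tcp_listeners={53}, udp_listeners={53})
    probe_ports = [22, 53, 80]
    print("stock:     ", scanner_view(host, "tcp", probe_ports))
    host.sysctl["net.inet.tcp.drop_in_vain"] = 1
    host.sysctl["net.inet.udp.drop_in_vain"] = 1
    print("black hole:", scanner_view(host, "tcp", probe_ports))
```

With the sysctl off, the prober gets a clean open/closed map from the RSTs and port unreachables; with it on, every non-listening port collapses into "filtered", which is the confusion Geoff is after. The same silence applies to legitimate clients that hit a wrong port: instead of an immediate connection refused they sit through their connect timeout, so the knob is best reserved for the kind of single-purpose public server the message describes.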

