From owner-freebsd-security Sat Jan 12 20:16:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id A344E37B404 for ; Sat, 12 Jan 2002 20:16:55 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id B2B5E14C57; Sun, 13 Jan 2002 05:16:53 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Bill Fumerola Cc: Lamont Granquist , Garrett Wollman , "Tim J. Robbins" , freebsd-security@FreeBSD.ORG Subject: Re: options TCP_DROP_SYNFIN References: <20011217203955.K4651-100000@coredump.scriptkiddie.org> <20020112161749.I402@elvis.mu.org> From: Dag-Erling Smorgrav Date: 13 Jan 2002 05:16:52 +0100 In-Reply-To: <20020112161749.I402@elvis.mu.org> Message-ID: Lines: 18 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bill Fumerola writes: > On Sat, Jan 12, 2002 at 04:32:52PM +0100, Dag-Erling Smorgrav wrote: > > You've never run an IRC server, have you? > is that the requirement for commenting? No, but his comments made it clear that he was not familiar with the attack patterns IRC servers were subject to. > ok, i don't see any reasons why > this is a kernel option when the exact same functionality is available > from both firewall facilities we currently ship. Overhead. That might not be an issue anymore, though. I don't know how fast ipfw is these days. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message