Date: Tue, 22 Feb 2005 02:20:40 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Gleb Smirnoff <glebius@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc syslog.conf Message-ID: <20050222021322.U702@odysseus.silby.com> In-Reply-To: <200502220803.j1M839fn013604@repoman.freebsd.org> References: <200502220803.j1M839fn013604@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 Feb 2005, Gleb Smirnoff wrote: > Security: this change fixes a DoS condition, when default system > console is serial, and box is flooded with bogus ARP > packets Go rate-limit those messages, like we do with other kernel messages. grep for "ppsratecheck" in /usr/src/sys/kern to see the other users of that function. If losing information about the flood is an issue, you could use ppsratecheck to ensure that a generic "arp flood" message goes to the console, but the actual messages are sent with a lower priority. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050222021322.U702>