Date: Tue, 8 Nov 2005 21:46:03 +0100
From: Marc Olzheim <marcolz@stack.nl>
To: Lars Eggert <lars.eggert@netlab.nec.de>
Cc: net@freebsd.org
Subject: Re: TCP RST handling in 6.0
Message-ID: <20051108204603.GA2121@stack.nl>
In-Reply-To: <E019841F-389F-4B15-942E-F30F6745ECBF@netlab.nec.de>
References: <E019841F-389F-4B15-942E-F30F6745ECBF@netlab.nec.de>

On Tue, Nov 08, 2005 at 11:02:25AM -0800, Lars Eggert wrote:
> Thus, I'd like to suggest that the default for
> net.inet.tcp.insecure_rst be zero for now. AFAIK, any other TCP mod
> came disabled by default in the past, too.

Being on the wrong end of a distributed tcp syn flood attack atm. on the
machine I'm mailing from, is probably enough to convince me of its use. :-)

I hardly notice anything on the machine, except for having to move the
sshd to ipv6 only...

Marc