From owner-freebsd-security Wed Dec 6 8:20:26 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 6 08:20:24 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [207.154.226.10]) by hub.freebsd.org (Postfix) with ESMTP id 06E6537B400 for ; Wed, 6 Dec 2000 08:20:24 -0800 (PST) Received: by elvis.mu.org (Postfix, from userid 1098) id AF7B52B28B; Wed, 6 Dec 2000 10:20:23 -0600 (CST) Date: Wed, 6 Dec 2000 10:20:23 -0600 From: Bill Fumerola To: James Lim Cc: Sebastiaan van Erk , freebsd-security@FreeBSD.ORG Subject: Re: rx list Message-ID: <20001206102023.M86825@elvis.mu.org> References: <20001206081549.A49341@sebster.com> <002801c05f55$0a492ac0$fa5e78cb@gchang> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002801c05f55$0a492ac0$fa5e78cb@gchang>; from jameslpin@pacific.net.sg on Wed, Dec 06, 2000 at 03:20:40PM +0800 X-Operating-System: FreeBSD 4.2-FEARSOME-20001103 i386 Sender: billf@elvis.mu.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Dec 06, 2000 at 03:20:40PM +0800, James Lim wrote: > > You could try increasing the maxusers to 512 and later increase > your NMBCLUSTERS to prolly 50000. How much ram does your machine has as well > as the CPU speed? Btw i was wondering whether the new accept filter helps > in DoS attacks. > > options ACCEPT_FILTER_DATA > options ACCEPT_FILTER_HTTP It doesn't help all (most) DoS attacks, but it might help in the 'netkill' type attacks (where many connections are opened to the machine and never used). -- Bill Fumerola - security yahoo / Yahoo! inc. - fumerola@yahoo-inc.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message