Date: Tue, 27 Jul 1999 19:42:45 +0200 From: Achim Patzner <ap@bnc.net> To: Nate Williams <nate@mt.sri.com> Cc: Julian Elischer <julian@whistle.com>, "Brian F. Feldman" <green@FreeBSD.ORG>, Matthew Dillon <dillon@apollo.backplane.com>, Joe Greco <jgreco@ns.sol.net>, hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: Re: securelevel and ipfw zero Message-ID: <19990727194245.L58970@bnc.net> In-Reply-To: <199907271715.LAA25892@mt.sri.com>; from Nate Williams on Tue, Jul 27, 1999 at 11:15:11AM -0600 References: <Pine.BSF.4.10.9907262322120.35843-100000@janus.syracuse.net> <Pine.BSF.3.95.990726204047.28343P-100000@current1.whistle.com> <199907271715.LAA25892@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 27, 1999 at 11:15:11AM -0600, Nate Williams wrote: > Then we'd have to implement per-rule counters that default to > IPFW_VERBOSE_LIMIT but that could be changed to anything. *falling on my knees* If you're going to do that what would it cost me (in chocolate bars or sushi) to get you to implement a second set of counters that will be filled by zeroing the first set (so I was able to read out counters and reset them without losing accounting information)? Or at least make zeroing printing out the contents before clearing them? Oh and while we're at it.... *runs away and tries hiding* > (Another thing I just thought of is that this could cause DoS attacks on > the system if a user compromised root and then set the limit to a very > high number.) If you have someone going berzerk as "root" on a firewall you're definitely going to have a completely different set of headaches. Why should someone start DoS attacks after capturing a firewall? It's like painting the fingernails before amputating the hand. Achim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990727194245.L58970>