Date:      Mon, 16 Aug 1999 10:26:00 +0200
From:      Geoff Rehmet <geoffr@is.co.za>
To:        "'current@freebsd.org'" <current@freebsd.org>
Subject:   Dropping connections without RST
Message-ID:  <E3453EC6C52ED3118E7E0090275CD47CFFAF94@isjhbex.is.co.za>

After the discussions regarding the "log_in_vain"
sysctls, I was thinking about a feature I would
like to implement:

Instead of sending a RST (for TCP) or Port Unreachable
(for UDP) where the box is not listening on a socket,
I would like to implement a sysctl, which disables the
sending of the RST or the Port unreachable.  This is 
basically for public servers (like DNS servers), which
I want to turn into black holes on ports where they
are not listening.  (This confuses things if someone
strobes the machines, and also makes life a little
more difficult for anyone who tries to portscan them.)

In default configuration, everything would behave as per
normal, and you would have to set a sysctl MIB before the
behaviour that I have described is displayed.

Can anyone think of any reason why this feature should
not be implemented?


Geoff.
--
Geoff Rehmet, The Internet Solution - Infrastructure 
tel: +27-11-283-5462, fax: +27-11-283-5401 mobile: +27-83-292-5800
email: geoffr@is.co.za 
URL: http://www.is.co.za 
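The message proposes a sysctl that turns closed ports into black holes, so a worked model of what that changes is useful: what the host sends back (RST, ICMP port unreachable, or nothing) and what a SYN or UDP scanner then concludes. The following is an added example, not code from the message or from FreeBSD; it runs entirely in-process on constructed probes. The 0/1/2 meaning of the TCP knob and the 0/1 meaning of the UDP knob are assumptions, modelled on the knobs FreeBSD later shipped as net.inet.tcp.blackhole and net.inet.udp.blackhole; the scanner's timeout and retry counts are likewise assumed values.

```python
"""Model of a 'blackhole' sysctl for closed ports and of what a scanner sees.

Added example, not code from the original message or from FreeBSD.  Nothing
here touches the network: the host's reply decision and the scanner's
classification are both simulated on constructed probes.
"""
from dataclasses import dataclass, field
from enum import Enum


class Proto(Enum):
    TCP = "tcp"
    UDP = "udp"


@dataclass
class Probe:
    proto: Proto
    dport: int
    syn: bool = True  # TCP only: is this the initial SYN?


@dataclass
class HostConfig:
    """The hypothetical knobs the message proposes (values are assumptions).

    tcp_blackhole: 0 = answer a closed port with RST (default behaviour),
                   1 = silently drop SYNs to closed ports,
                   2 = silently drop every segment to a closed port.
    udp_blackhole: 0 = send ICMP port unreachable, 1 = drop silently.
    """
    listening_tcp: set = field(default_factory=set)
    listening_udp: set = field(default_factory=set)
    tcp_blackhole: int = 0
    udp_blackhole: int = 0


def host_reply(cfg: HostConfig, p: Probe) -> str:
    """Return the wire-visible reaction of the host to one probe."""
    if p.proto is Proto.TCP:
        if p.dport in cfg.listening_tcp:
            return "SYN/ACK"
        # No listener: the kernel normally answers with RST unless blackholed.
        if cfg.tcp_blackhole >= 2 or (cfg.tcp_blackhole == 1 and p.syn):
            return "none"
        return "RST"
    # UDP: a listening service is modelled as silent (no application reply).
    if p.dport in cfg.listening_udp:
        return "none"
    return "none" if cfg.udp_blackhole else "ICMP port unreachable"


def scanner_classify(reply: str, proto: Proto) -> str:
    """How a SYN/UDP scanner labels a port once retries have timed out."""
    if proto is Proto.TCP:
        return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")
    if reply == "ICMP port unreachable":
        return "closed"
    return "open|filtered"  # silence: cannot distinguish open from dropped


def scan(cfg: HostConfig, proto: Proto, ports, timeout=1.0, retries=2):
    """Simulate a scan; return (results, seconds the scanner spends waiting).

    An answered probe is modelled as costing no time; an unanswered probe
    costs `timeout` seconds for each of `retries` attempts (assumed values).
    """
    results, elapsed = {}, 0.0
    for port in ports:
        reply = host_reply(cfg, Probe(proto, port))
        if reply == "none":
            elapsed += timeout * retries
        results[port] = scanner_classify(reply, proto)
    return results, elapsed


if __name__ == "__main__":
    ports = range(1, 1025)
    normal = HostConfig(listening_tcp={53}, listening_udp={53})
    hole = HostConfig(listening_tcp={53}, listening_udp={53},
                      tcp_blackhole=2, udp_blackhole=1)
    for label, cfg in (("default", normal), ("blackhole", hole)):
        res, secs = scan(cfg, Proto.TCP, ports)
        closed = sum(1 for v in res.values() if v == "closed")
        filtered = sum(1 for v in res.values() if v == "filtered")
        print(f"{label}: open={res[53]} closed={closed} "
              f"filtered={filtered} wait={secs:.0f}s")
```

Two points the model makes visible. First, blackholing does not hide the listening port (53 still answers SYN/ACK); it only removes the fast negative signal, so every closed port costs the scanner a timeout instead of a round trip and is reported as "filtered" rather than "closed". Second, the same delay applies to any legitimate client that connects to the wrong port: it waits for its own timeout instead of failing immediately with a connection refused, which is the operational cost to weigh before flipping the knob on a public server.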







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E3453EC6C52ED3118E7E0090275CD47CFFAF94>