Date: Tue, 16 Apr 2002 00:20:01 +1000
From: Andrew Johns <johnsa@kpi.com.au>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>, freebsd-security@FreeBSD.ORG
Subject: Re: Limiting closed port RST response from 381 to 200 p
Message-ID: <3CBAE191.9010200@kpi.com.au>
References: <12776.1018878075@axl.seasidesoftware.co.za>
Sheldon Hearn wrote:
>
> You lose the "severity at a glance" value of the messages this way, but
> I don't find them useful enough to warrant the mess in
> /var/log/messages.
>
> Ciao,
> Sheldon.
>
> Index: ip_icmp.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v
> retrieving revision 1.39.2.16
> diff -u -d -r1.39.2.16 ip_icmp.c
> --- ip_icmp.c 22 Mar 2002 16:54:18 -0000 1.39.2.16
> +++ ip_icmp.c 15 Apr 2002 13:39:53 -0000
> @@ -862,9 +862,8 @@
>
> if ((unsigned int)dticks > hz) {
> if (lpackets[which] > icmplim) {
> - printf("%s from %d to %d packets per second\n",
> + printf("%s to %d packets per second\n",
> bandlimittype[which],
> - lpackets[which],
> icmplim
> );
> }
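Review bot: with `lpackets[which]` dropped from the printf arguments, the log line no longer records the observed rate, so once the `lpackets[which] > icmplim` test passes a reader cannot tell a marginal overage from a flood. The now-constant text does let syslogd fold consecutive repeats into a single "last message repeated" line, which addresses the clutter in /var/log/messages, but the measurement itself is lost. Consider keeping the observed count readable somewhere cheaper than the log, or making the short form selectable rather than unconditional.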
Actually Sheldon I think that's a great idea - helps with
syslog DoS somewhat as well. Anybody else care to contemplate
making it either a default or sysctl (ICMP_BANDLIMIT_DOSLIMIT?)
AJ
