Date: Tue, 16 Apr 2002 00:20:01 +1000
From: Andrew Johns <johnsa@kpi.com.au>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>, freebsd-security@FreeBSD.ORG
Subject: Re: Limiting closed port RST response from 381 to 200 p
Message-ID: <3CBAE191.9010200@kpi.com.au>
References: <12776.1018878075@axl.seasidesoftware.co.za>

Sheldon Hearn wrote:
>
> You lose the "severity at a glance" value of the messages this way, but
> I don't find them useful enough to warrant the mess in
> /var/log/messages.
>
> Ciao,
> Sheldon.
>
> Index: ip_icmp.c > =================================================================== > RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v > retrieving revision 1.39.2.16 > diff -u -d -r1.39.2.16 ip_icmp.c > --- ip_icmp.c 22 Mar 2002 16:54:18 -0000 1.39.2.16 > +++ ip_icmp.c 15 Apr 2002 13:39:53 -0000 > @@ -862,9 +862,8 @@ > > if ((unsigned int)dticks > hz) { > if (lpackets[which] > icmplim) { > - printf("%s from %d to %d packets per second\n", > + printf("%s to %d packets per second\n", > bandlimittype[which], > - lpackets[which], > icmplim > ); > }

Actually Sheldon I think that's a great idea - helps with syslog DoS somewhat as well.

Anybody else care to contemplate making it either a default or sysctl (ICMP_BANDLIMIT_DOSLIMIT?)

AJ
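Review bot: In the printf inside `if (lpackets[which] > icmplim)`, dropping the `lpackets[which]` argument removes the only place the observed packet rate is recorded, so a log reader can no longer tell a rate just over `icmplim` from one far above it. The call still sits under the same `if ((unsigned int)dticks > hz)` test, so the change makes the message text constant for a given `bandlimittype[which]` and `icmplim` but does not by itself reduce how often the line is printed. Consider keeping the original "from %d to %d" format selectable behind a knob, as suggested in the reply, rather than removing it unconditionally, and add a short comment above the printf stating that the observed rate is omitted deliberately to keep the message text stable.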