Date:      Thu, 05 Nov 1998 09:13:45 +0100
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Nate Williams <nate@mt.sri.com>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, cvs-committers@FreeBSD.ORG
Subject:   Re: cvs commit: src/usr.sbin/inetd inetd.c 
Message-ID:  <11223.910253625@critter.freebsd.dk>
In-Reply-To: Your message of "Thu, 05 Nov 1998 00:56:10 MST." <199811050756.AAA17272@mt.sri.com> 


>> Well, it is (barely) measurably faster on the two busy mailservers I run.
>
>That makes no sense given Don's analysis.  Getting a reset is *MUCH*
>faster than making a full-fledged TCP connection, sending and receiving
>(bogus) data, and then shutting down the connection.

I think Don assumes that all mail servers run BSD + sendmail.  That
doesn't seem to be the case on the Internet I work on.  While I
agree with his analysis, reality says differently.  Don't forget
I said "barely measurable".  We're talking about two servers which
spam-filter email for more than 20% of the Danish internet users.

>Are you sure it's not your firewall setup that's causing it?  (I ask
>since I got my original firewall stuff from you, and most of the rules
>you had were 'deny' instead of 'reject' type rules.)

There is no firewalling.

>> The other advantage is that it makes:
>> 	sysctl -w net.inet.tcp.log_in_vain=1
>> less noisy on same machines.
>
>????

Have you tried it on a mail server which doesn't answer port 113?
You get a message (possibly 3) every time somebody tries to connect
to port 113.  With this dummy server in place, you don't get the
noise, so you can see actual portscans and stuff like that.

Everybody who's concerned about security should run with
	 sysctl -w net.inet.tcp.log_in_vain=1
even if behind a firewall.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal
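
The noise problem described in this message, as an added example that is not part of the original e-mail or of FreeBSD: a small triage script that separates ident (port 113) probes from other `log_in_vain` entries and flags sources touching many closed ports. It assumes the kernel message shape "Connection attempt to TCP dst:port from src:port"; the sample lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of the net.inet.tcp.log_in_vain=1 kernel message; newer
# kernels append " flags:0x..", which this pattern tolerates.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"[0-9.]+:(?P<dport>\d+) from (?P<src>[0-9.]+):\d+"
)
IDENT_PORT = 113     # the probes the message calls noise on mail servers
SCAN_THRESHOLD = 4   # hypothetical cut-off: distinct closed ports per source

# Constructed sample log (documentation address ranges), not real data.
SAMPLE_LOG = """\
Nov  5 09:01:02 mx1 /kernel: Connection attempt to TCP 192.0.2.10:113 from 198.51.100.7:1042
Nov  5 09:01:05 mx1 /kernel: Connection attempt to TCP 192.0.2.10:113 from 198.51.100.7:1042
Nov  5 09:01:11 mx1 /kernel: Connection attempt to TCP 192.0.2.10:113 from 198.51.100.7:1042
Nov  5 09:02:30 mx1 /kernel: Connection attempt to TCP 192.0.2.10:113 from 198.51.100.23:3310
Nov  5 09:03:00 mx1 /kernel: Connection attempt to TCP 192.0.2.10:21 from 203.0.113.50:4001
Nov  5 09:03:00 mx1 /kernel: Connection attempt to TCP 192.0.2.10:23 from 203.0.113.50:4002
Nov  5 09:03:01 mx1 /kernel: Connection attempt to TCP 192.0.2.10:79 from 203.0.113.50:4003
Nov  5 09:03:01 mx1 /kernel: Connection attempt to TCP 192.0.2.10:111 from 203.0.113.50:4004
Nov  5 09:03:01 mx1 /kernel: Connection attempt to TCP 192.0.2.10:143 from 203.0.113.50:4005
Nov  5 09:04:12 mx1 /kernel: Connection attempt to TCP 192.0.2.10:80 from 198.51.100.9:2200
Nov  5 09:05:00 mx1 sendmail[312]: unrelated line that must be ignored
"""

def parse(lines):
    """Yield (source, protocol, destination port) for each matching line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["proto"], int(m["dport"])

def summarize(log_text, threshold=SCAN_THRESHOLD):
    """Return (ident probe count, {source: closed ports}) for likely scans."""
    ident_noise = 0
    ports_by_src = defaultdict(set)
    for src, proto, dport in parse(log_text.splitlines()):
        if proto == "TCP" and dport == IDENT_PORT:
            ident_noise += 1      # count the noise, keep it out of the report
            continue
        ports_by_src[src].add((proto, dport))
    suspects = {s: sorted(p) for s, p in ports_by_src.items()
                if len(p) >= threshold}
    return ident_noise, suspects

if __name__ == "__main__":
    noise, suspects = summarize(SAMPLE_LOG)
    print(f"ident probes suppressed: {noise}")
    for src, ports in suspects.items():
        print(f"possible scan from {src}: {ports}")
```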



