Date: 25 Feb 2001 14:15:32 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Alexandr Kovalenko <neve_ripe@yahoo.com> Cc: Alex Hayward <xelah@xelah.com>, freebsd-stable@FreeBSD.ORG Subject: Re: Re[4]: ipfw drop syn+fin Message-ID: <xzplmquj43v.fsf@flood.ping.uio.no> In-Reply-To: Alexandr Kovalenko's message of "Sun, 25 Feb 2001 14:54:13 %2B0200" References: <Pine.LNX.4.10.10102231024230.15158-100000@sphinx.mythic-beasts.com> <xzpelwnj66j.fsf@flood.ping.uio.no> <15867369422.20010225143757@yahoo.com> <xzp66hzj5ki.fsf@flood.ping.uio.no> <xzp1ysnj5ha.fsf@flood.ping.uio.no> <12068345205.20010225145413@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexandr Kovalenko <neve_ripe@yahoo.com> writes: > I'm running heavily loaded freemail/freeforum/freechat/free* > webserver, could it be the reason for adding TCP_DROP_SYNFIN? Can I be > target of these things? TCP_DROP_SYNFIN and TCP_RESTRICT_RST were developed specifically to prevent nmap from reporting useful information about machines that use them, and is probably only useful in the very peculiar world that EFNet IRC servers live in. TCP_RESTRICT_RST should probably be dyked out now that we have blackhole(4), and TCP_DROP_SYNFIN should be changed to rewrite packets instead of dropping them, and made non- optional. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzplmquj43v.fsf>