Date:      Tue, 27 Jun 2006 16:10:04 -0400
From:      Mikhail Teterin <mi+mx@aldan.algebra.com>
To:        Pawel Worach <pawel.worach@gmail.com>
Cc:        freebsd-security@freebsd.org, net@freebsd.org
Subject:   Re: fetch http://localhost:6666 hangs
Message-ID:  <200606271610.04604.mi%2Bmx@aldan.algebra.com>
In-Reply-To: <44A1816B.3030808@gmail.com>
References:  <200606271455.32276.mi%2Bmx@aldan.algebra.com> <44A1816B.3030808@gmail.com>

On Tuesday 27 June 2006 15:05, Pawel Worach wrote:
> > I just noticed that on my recent "6.1-STABLE #4: Thu Jun  8" amd64
> > system attempts to connect to a bogus port (like 6666) hang instead of
> > failing with "Connection refused" immediately, as they do on other systems.
>
> Using sysctl net.inet.tcp.blackhole=1 ?

Yes, that's what it was...

Got me thinking, though... Should the blackhole setting apply to localhost 
(and local IP addresses) at all? It is a security measure -- would be nicer 
to reduce its impact on legitimate activity...

	-mi
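
An added diagnostic, not part of the original message: it tells a refused connection (RST returned) apart from a silently dropped one, the hang described in this thread, by probing a closed port on localhost and reading net.inet.tcp.blackhole where that sysctl exists. The function names and the 2-second timeout are assumptions of this example.

```python
import socket
import subprocess


def read_blackhole():
    """Return net.inet.tcp.blackhole as an int, or None where the sysctl is absent."""
    try:
        out = subprocess.run(["sysctl", "-n", "net.inet.tcp.blackhole"],
                             capture_output=True, text=True, timeout=5)
        return int(out.stdout.strip()) if out.returncode == 0 else None
    except (OSError, ValueError, subprocess.TimeoutExpired):
        return None


def probe(host, port, timeout=2.0):
    """Classify one TCP connect: 'open', 'refused' (RST came back) or
    'dropped' (no reply before the timeout, which is what fetch saw as a hang)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "dropped"
    finally:
        s.close()


def unused_port(host="127.0.0.1"):
    """Ask the kernel for a free port, then release it so nothing is bound there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def diagnose(host="127.0.0.1"):
    """Probe a closed local port and report the result next to the sysctl value."""
    return {"blackhole": read_blackhole(),
            "closed_port": probe(host, unused_port(host))}


if __name__ == "__main__":
    result = diagnose()
    print(result)
    if result["closed_port"] == "dropped":
        print("closed local port sent no RST: check net.inet.tcp.blackhole "
              "or a local firewall rule")
```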


