From: John Preisler
Date: Wed, 14 Oct 1998 12:08:41 -0500 (CDT)
To: Kenneth Ingham
Cc: "N. N.M", freebsd-security@FreeBSD.ORG
Subject: Re: Again logging!
In-Reply-To: <19980114092154.B449@i-pi.com>
References: <19981014142006.22104.qmail@hotmail.com> <19980114092154.B449@i-pi.com>
Message-ID: <13860.55858.134449.692826@habanero.chili-pepper.net>

Also keep in mind that these sysctl switches, unlike ipfw rules, have
NO LIMIT on them. A person could easily overflow your /var partition
[assuming you have one] in a few minutes with a program like strobe.

fwiw.

Kenneth Ingham writes:
> > 3- Will it affect the system performance if I activate the logging of
> > TCP and UDP connections by setting the following kernel variables?:
> > net.inet.tcp.log_in_vain=1
> > net.inet.udp.log_in_vain=1
>
> I'm sure it does. I have no specific numbers though.
>
> I run with both turned on on the main router (which is a FreeBSD box).
> My router is idle >99% of the time, so the performance hit is not a
> problem. The machine is much faster than the network connection (33.6
> full-time dialup in my case).
>
> How fast is your network connection? That and the performance of your
> machine should be the determining factor(s) about whether or not the
> performance hit will be a problem.
>
> Kenneth
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
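
One way to measure the log growth described above from the defender's side, as an added example that is not part of the original message: it counts log_in_vain entries per minute, flags sources that touch many distinct ports, and estimates how long free space on /var would last at the peak rate. The syslog prefix ("router /kernel:"), the addresses, the threshold and the sample lines are constructed assumptions; the message body is assumed to read "Connection attempt to TCP|UDP dst:port from src:port".

```python
import re
from collections import defaultdict

# Assumed syslog layout: "<Mon DD HH:MM:SS> <host> /kernel: <message>".
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+\S*kernel:\s+"
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def summarize(lines, port_threshold=5):
    """Per-minute entry counts, peak bytes/minute and likely scanners."""
    per_minute = defaultdict(int)        # "Oct 14 12:08" -> entries logged
    bytes_per_minute = defaultdict(int)  # same key -> bytes written to the log
    ports_by_src = defaultdict(set)      # source IP -> distinct (proto, port)
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue                     # not a log_in_vain entry
        per_minute[m["ts"]] += 1
        bytes_per_minute[m["ts"]] += len(line) + 1   # +1 for the newline
        ports_by_src[m["src"]].add((m["proto"], int(m["dport"])))
    scanners = sorted(src for src, ports in ports_by_src.items()
                      if len(ports) >= port_threshold)
    return {
        "per_minute": dict(per_minute),
        "peak_bytes_per_minute": max(bytes_per_minute.values(), default=0),
        "scanners": scanners,
    }

def minutes_until_full(free_bytes, peak_bytes_per_minute):
    """Whole minutes of headroom on /var at the observed peak rate."""
    if peak_bytes_per_minute == 0:
        return None                      # nothing logged, no estimate
    return free_bytes // peak_bytes_per_minute

# Constructed sample: one source sweeping 40 TCP ports within a minute,
# one stray UDP packet, and one unrelated syslog line.
SAMPLE = [
    "Oct 14 12:08:%02d router /kernel: Connection attempt to TCP "
    "10.0.0.1:%d from 192.0.2.50:%d" % (i, 20 + i, 40000 + i)
    for i in range(40)
] + [
    "Oct 14 12:09:03 router /kernel: Connection attempt to UDP "
    "10.0.0.1:137 from 198.51.100.7:137",
    "Oct 14 12:09:10 router sshd[211]: unrelated line",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["scanners"], report["peak_bytes_per_minute"])
    print(minutes_until_full(20 * 1024 * 1024, report["peak_bytes_per_minute"]))
```

Because the switches themselves apply no limit, the per-minute figure is what to watch: feed the function the real log and compare the headroom estimate against the log rotation interval.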