Date: Tue, 12 Jun 2001 12:33:51 -0400 (EDT) From: "Ian P. Thomas" <ipthomas_77@yahoo.com> To: willwong@samurai.com (William Wong) Cc: freebsd-questions@freebsd.org Subject: Re: man 4 blackhole Message-ID: <200106121634.MAA01477@scraemondaemon.my.domain> In-Reply-To: <no.id> from "William Wong" at Jun 12, 2001 12:10:20 AM
next in thread | previous in thread | raw e-mail | index | archive | help
The 1st drops only SYN, the second drops them all ACK SYN FIN etc. Ian In the last episode, William Wong stated... > > Hi there, > > I'm looking at the man page and I don't see a difference between setting > net.inet.tcp.blackhole, to either 1 or 2. Here's a section from the > manpage. > > "Normal behaviour, when a TCP SYN segment is received on a port where > there is no socket accepting connections, is for the system to return a > RST segment, and drop the connection. The connecting system will see > this as a "Connection reset by peer". By turning the TCP black hole MIB > on to a numeric value of one, the incoming SYN segment is merely dropped, > and no RST is sent, making the system appear as a blackhole. By setting > the MIB value to two, any segment arriving on a closed port is dropped > without returning a RST. This provides some degree of protection against > stealth port scans." > > Since I'm sure option 2 isn't there for no reason, I must be interpreting > this wrong. > > Anyone know the difference? > > Regards, > - Will > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106121634.MAA01477>