Date: Tue, 8 Nov 2005 13:23:43 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Lars Eggert <lars.eggert@netlab.nec.de>
Cc: net@freebsd.org
Subject: Re: TCP RST handling in 6.0
Message-ID: <20051108130801.Y36544@odysseus.silby.com>
In-Reply-To: <E019841F-389F-4B15-942E-F30F6745ECBF@netlab.nec.de>
References: <E019841F-389F-4B15-942E-F30F6745ECBF@netlab.nec.de>
On Tue, 8 Nov 2005, Lars Eggert wrote:

> Thus, I'd like to suggest that the default for net.inet.tcp.insecure_rst be
> zero for now. AFAIK, any other TCP mod came disabled by default in the past,
> too.
>
> Lars

I'm open to discussing the change. I plan to revisit that and the SYN causing a connection reset issue after eurobsdcon.

However, I'm open to clubbing you over the head for not saying anything throughout the entire 6.0 release cycle and requesting the change AFTER THE RELEASE HAS SHIPPED. Since 6.0 shipped with this feature on, I don't think we should flip the setting back to off until a good reason has been given.

While we're on the subject of potential problems, I'd like to throw out an idea. What would people think of a "log perhaps somewhat in vain" option (turned on by default) that logged unusual looking packets to /var/log/ip.log - but did it in a ratelimited fashion, so that it would not be possible for attackers to chew up disk space. This would of course get written to during an attack, but it would also log legitimate cases, such as where a RST blocked by this setting came in. This could also be used to tell if future changes cause additional incompatibilities.

Such a feature wouldn't cause performance problems, but I could see there being privacy concerns. If the log was only root readable, what would people think? Remember that I'm talking only about logging "odd" packets, and only their TCP/IP flags and fields, not the data contents.

Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051108130801.Y36544>
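The logging idea floated in the message above, as an added example that is not part of the thread and not FreeBSD's own code: a simplified model of the RST acceptance check (assumed here to be "sequence number must equal rcv_nxt exactly" under the strict setting and "anywhere in the receive window" under the insecure one; the real kernel check may differ), plus a token-bucket rate limiter that records only header fields of rejected segments so a flood of bogus RSTs costs bounded log space while legitimate-but-blocked RSTs still show up. The `Header`/`Conn` types, the bucket parameters and the in-memory list standing in for `/var/log/ip.log` are all constructed for the example.

```python
"""Added example: strict vs. in-window RST check with rate-limited header-only logging."""
import time
from dataclasses import dataclass
from typing import Callable, List, Tuple

SEQ_MOD = 1 << 32


def seq_lt(a: int, b: int) -> bool:
    """True if sequence number a precedes b, modulo 2^32 (signed-difference test)."""
    return ((a - b) % SEQ_MOD) >= (1 << 31)


def seq_leq(a: int, b: int) -> bool:
    return a == b or seq_lt(a, b)


@dataclass
class Header:
    """Constructed packet summary: TCP/IP flags and fields only, never payload."""
    src: str
    dst: str
    sport: int
    dport: int
    flags: str   # e.g. "R", "RA", "S"
    seq: int


@dataclass
class Conn:
    """Receiver-side state of one connection (constructed for the example)."""
    rcv_nxt: int
    rcv_wnd: int


def rst_accepted(h: Header, c: Conn, insecure_rst: bool) -> Tuple[bool, str]:
    """Decide whether a RST tears down the connection and say why.

    Assumption: strict mode accepts only seq == rcv_nxt; insecure mode accepts
    any seq inside [rcv_nxt, rcv_nxt + rcv_wnd). Sequence arithmetic wraps.
    """
    if "R" not in h.flags:
        return False, "not-a-rst"
    wnd_end = (c.rcv_nxt + c.rcv_wnd) % SEQ_MOD
    in_window = seq_leq(c.rcv_nxt, h.seq) and seq_lt(h.seq, wnd_end)
    if insecure_rst:
        return in_window, "in-window" if in_window else "out-of-window"
    if h.seq == c.rcv_nxt:
        return True, "exact-match"
    return False, "in-window-inexact" if in_window else "out-of-window"


class RateLimitedLog:
    """Token bucket: at most `burst` lines at once, refilled at `rate` lines/s.

    Lines that do not fit are counted, and the count is reported in one summary
    line when capacity returns, so a flood is visible but cannot fill the disk.
    """

    def __init__(self, rate: float, burst: int, clock: Callable[[], float] = time.monotonic):
        self.rate, self.burst = rate, float(burst)
        self.tokens = float(burst)
        self.clock = clock
        self.last = clock()
        self.suppressed = 0
        self.lines: List[str] = []   # stands in for the root-only log file

    def _refill(self) -> None:
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def write(self, line: str) -> bool:
        """Return True if the line was written, False if rate-limited."""
        self._refill()
        if self.tokens < 1:
            self.suppressed += 1
            return False
        self.tokens -= 1
        if self.suppressed:
            self.lines.append(f"... {self.suppressed} odd-packet lines suppressed")
            self.suppressed = 0
        self.lines.append(line)
        return True


def inspect_rst(h: Header, c: Conn, insecure_rst: bool, log: RateLimitedLog) -> bool:
    """Apply the check; log header fields (no data) for any RST that was rejected."""
    accepted, why = rst_accepted(h, c, insecure_rst)
    if "R" in h.flags and not accepted:
        log.write(f"odd RST {h.src}:{h.sport} > {h.dst}:{h.dport} "
                  f"seq={h.seq} rcv_nxt={c.rcv_nxt} reason={why}")
    return accepted


if __name__ == "__main__":
    conn = Conn(rcv_nxt=1000, rcv_wnd=65535)
    log = RateLimitedLog(rate=1.0, burst=3)
    for seq in (2000, 1000, 70000, 2001, 2002, 2003):   # constructed segments
        pkt = Header("192.0.2.1", "192.0.2.2", 40000, 22, "R", seq)
        print(seq, inspect_rst(pkt, conn, insecure_rst=False, log=log))
    print("\n".join(log.lines), "suppressed:", log.suppressed)
```

Running it with the strict setting shows the in-window but inexact RSTs being refused and logged, which is exactly the "legitimate case" the message wants visible, while the bucket keeps the write rate bounded under a flood.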