From owner-freebsd-security  Wed May  9  2:57:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from rafiu.psi-domain.co.uk (rafiu.psi-domain.co.uk [212.87.84.199])
	by hub.freebsd.org (Postfix) with ESMTP id 7856E37B422
	for <freebsd-security@freebsd.org>; Wed,  9 May 2001 02:57:15 -0700 (PDT)
	(envelope-from heckfordj@psi-domain.co.uk)
Received: from smtp.psi-domain.co.uk (mail.trident-uk.co.uk [195.166.16.10])
	by rafiu.psi-domain.co.uk (Postfix) with SMTP id 629B0402EC6
	for <freebsd-security@freebsd.org>; Wed,  9 May 2001 10:52:38 +0100 (BST)
Date: Wed, 9 May 2001 11:55:58 +0100
From: Jamie Heckford <heckfordj@psi-domain.co.uk>
To: freebsd-security@freebsd.org
Subject: Re: Some Kernel options
Message-ID: <20010509115558.C4995@storm.psi-domain.co.uk>
Reply-To: heckfordj@psi-domain.co.uk
References: <002601ba1df7$4da07940$b88f39d5@a> <20010509023409.A33253@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
In-Reply-To: <20010509023409.A33253@xor.obsecurity.org>; from kris@obsecurity.org on Wed, May 09, 2001 at 10:34:09 +0100
X-Mailer: Balsa 1.1.1
Lines: 51
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Some can help against portscans and DoS attacks.

Not really useful if your not connected to a publically
addressable IP address, or if your not on a Medium/Large LAN
with people on the network who may possibly attack your
box.

Jamie

On 2001.05.09 10:34 Kris Kennaway wrote:
> On Tue, May 09, 1995 at 12:26:09PM +0200, Retal wrote:
> 
> Fix your clock  ^^^^
> 
> > I could not have wondered but..Its only me or other people compiling
> > their kernel with this options:
> > options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
> > options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
> > options         TCP_RESTRICT_RST        #restrict emission of TCP RST
> > options         ICMP_BANDLIM                                           
>        
> > 
> > Those options has any effect? i use them for months but i havent
> > seen any difference between my other machines.
> 
> Um, you're not going to see the effect of these options unless you
> look.  They work as intended - it seems you're expecting them to make
> some magical difference to your machine, which isn't the case.
> 
> Kris
> 
-- 
Jamie Heckford
Network Operations Manager
Psi-Domain - Innovative Linux Solutions. Ask Us How.

FreeBSD - The power to serve

Join our mailing list and stay informed by emailing
majordomo@psi-domain.co.uk with the line:
subscribe collective

=====================================
email:  heckfordj@psi-domain.co.uk
web:    http://www.psi-domain.co.uk/

tel:    +44 (0)1737 789 246
fax:    +44 (0)1737 789 245
mobile: +44 (0)7866 724 224 

=====================================


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message