From owner-freebsd-security Fri Jun 11 16:23:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from aic-gw.mlink.net (aic-gw.mlink.net [209.104.118.65])
    by hub.freebsd.org (Postfix) with SMTP id 49AEE154C6
    for ; Fri, 11 Jun 1999 16:23:09 -0700 (PDT)
    (envelope-from matt@AIC-GW.MLINK.NET)
Received: (qmail 2528 invoked by uid 1001); 11 Jun 1999 23:23:08 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
    by localhost with SMTP; 11 Jun 1999 23:23:08 -0000
Date: Fri, 11 Jun 1999 19:23:08 -0400 (EDT)
From: matt
To: freebsd
Cc: Nick Rogness , "Jason L. Schwab" , Pete Fritchman , ghandi@mindless.com, freebsd-security@FreeBSD.ORG
Subject: Re: firewalls
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 11 Jun 1999, freebsd wrote:

: I suggest installing ICMP_BANDLIM into the kernel (grep LINT) and setting
: it to about 20... sysctl -w net.inet.icmp.icmplim=20

I use both patches, they work nicely, however, I set the limits at 200 for
both on bootup with sysctl.. I think the default of 100 is a lil low, and
20 lord. a portscan would trip that off like crazy. Course, I run
portsentry with ipfw to handle those *grin* .. Still though, 20 might be a
bit low...

: Also for syn floods, i suggest going to geek-girl.com and getting the new
: syn protection patch for FreeBSD, it works, you also set it via sysctl...

[...]

Matt

--
DISCLAIMER: Anyone sending me unsolicited commercial electronic mail
automatically agrees to be held to the following legal terms:
US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the
definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful
to send any unsolicited advertisement to such equipment. By
Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable
by action to recover actual monetary loss, or $500, whichever is greater,
for each violation.