Date: Tue, 17 Apr 2001 10:31:15 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Kris Kennaway <kris@obsecurity.org> Cc: Niels Provos <provos@citi.umich.edu>, Kris Kennaway <kris@obsecurity.org>, Wes Peters <wes@softweyr.com>, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG, provos@OpenBSD.org Subject: Re: non-random IP IDs Message-ID: <200104171731.f3HHVFu94944@earth.backplane.com> References: <20010416214611.6DA3F207C1@citi.umich.edu> <200104170157.f3H1v4d87804@earth.backplane.com> <20010416233042.A21394@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
:> It's not worth doing. We would be introducing unnecessary cpu burn on
:> every single packet we sent out, all to solve a problem that doesn't
:> really exist.
:
:Well, that's why it's a sysctl defaulting to off in my patch. Don't
:turn it on if you don't want to.
:
:Kris
Let me put it another way: I think this sort of thing is an excellent
example of introducing unnecessary kernel bloat into the system. Who
gives a fart whether someone can port scan you efficiently or
anonymously or not? I get port scanned every day. Most hackers don't
even bother with portscans, they just try the exploit on the target
machines directly.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104171731.f3HHVFu94944>