Date: Wed, 13 Dec 2000 19:30:14 -0600 From: Bill Fumerola <billf@mu.org> To: "Richard A. Steenbergen" <ras@e-gerbil.net> Cc: Alfred Perlstein <bright@wintelcom.net>, Bosko Milekic <bmilekic@technokratis.com>, freebsd-net@FreeBSD.ORG, green@FreeBSD.ORG Subject: Re: Ratelimint Enhancement patch (Please Review One Last Time!) Message-ID: <20001213193014.J72273@elvis.mu.org> In-Reply-To: <Pine.BSF.4.21.0012131432530.816-100000@overlord.e-gerbil.net>; from ras@e-gerbil.net on Wed, Dec 13, 2000 at 02:42:53PM -0500 References: <20001213112935.K16205@fw.wintelcom.net> <Pine.BSF.4.21.0012131432530.816-100000@overlord.e-gerbil.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 13, 2000 at 02:42:53PM -0500, Richard A. Steenbergen wrote:
> It could just as easily be a SYN flood against a single port... or a large
> number of clients trying to connected to your crashed web server... :P Or
> it could just as easily be an ack flood against a port without a listener
> and be showing up in the "not the ack flood" counter.
Exactly. Bikeshedding the millions of possible reasons the queue/ratelimit
was triggered is silly.
Bosko, please change the descriptions to something very generic before
committing them ("ratelimiting TCP RST packets: x/y pps" or something)
--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001213193014.J72273>