From: Bill Fumerola
To: "Richard A. Steenbergen"
Cc: Alfred Perlstein, Bosko Milekic, freebsd-net@FreeBSD.ORG, green@FreeBSD.ORG
Date: Wed, 13 Dec 2000 19:30:14 -0600
Subject: Re: Ratelimint Enhancement patch (Please Review One Last Time!)
Message-ID: <20001213193014.J72273@elvis.mu.org>
References: <20001213112935.K16205@fw.wintelcom.net>

On Wed, Dec 13, 2000 at 02:42:53PM -0500, Richard A. Steenbergen wrote:

> It could just as easily be a SYN flood against a single port... or a large
> number of clients trying to connect to your crashed web server... :P Or
> it could just as easily be an ack flood against a port without a listener
> and be showing up in the "not the ack flood" counter.

Exactly. Bikeshedding the millions of possible reasons the queue/ratelimit
was triggered is silly.

Bosko, please change the descriptions to something very generic before
committing them ("ratelimiting TCP RST packets: x/y pps" or something)

--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org