Date: Wed, 19 Sep 2001 13:22:18 -0500 (CDT)
From: Eric Anderson <anderson@centtech.com>
To: davidk@accretivetg.com
Cc: brett@lariat.org, security@freebsd.org
Subject: Re: Defense against 'Code Rainbow'
Message-ID: <44071.10.177.173.21.1000923738.squirrel@proton.centtech.com>
In-Reply-To: <20010919101020.B85958-100000@localhost>
References: <20010919101020.B85958-100000@localhost>

Is it possible to do a hash table lookup kind of thing? I think a list of
about 10,000 would be fast even on a hash table.

Eric

> On Wed, 19 Sep 2001, Brett Glass wrote:
>
>> Unfortunately, there was a serious problem with this approach. The BSD
>> TCP/IP stack apparently does not expect its routing table to be very
>> big, and so scans it linearly.
>
> Something I've wanted to implement but haven't because I'm not really
> knowledgeable enough is a sysctl that would enable/disable dynamic route
> creation. It's so rare that any one of these /32 routes the server
> creates will ever be different than any of the others that it's just a
> waste of resources for the system to track them. Those that want to
> route with their BSD box would leave dynamic routes enabled.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message