From: Eric Anderson
Date: Wed, 19 Sep 2001 13:22:18 -0500 (CDT)
Subject: Re: Defense against 'Code Rainbow'
To: davidk@accretivetg.com
Cc: brett@lariat.org, security@freebsd.org
Message-ID: <44071.10.177.173.21.1000923738.squirrel@proton.centtech.com>
In-Reply-To: <20010919101020.B85958-100000@localhost>
References: <20010919101020.B85958-100000@localhost>
Sender: owner-freebsd-security@FreeBSD.ORG

Is it possible to do a hash table lookup kind of thing? I think a list of
about 10,000 would be fast even on a hash table.

Eric

> On Wed, 19 Sep 2001, Brett Glass wrote:
>
>> Unfortunately, there was a serious problem with this approach. The BSD
>> TCP/IP stack apparently does not expect its routing table to be very
>> big, and so scans it linearly.
>
> Something I've wanted to implement but haven't because I'm not really
> knowledgeable enough is a sysctl that would enable/disable dynamic route
> creation. It's so rare that any one of these /32 routes the server
> creates will ever be different than any of the others that it's just a
> waste of resources for the system to track them. Those that want to
> route with their BSD box would leave dynamic routes enabled.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message