From owner-freebsd-net Wed Dec 13 18:34:37 2000 From owner-freebsd-net@FreeBSD.ORG Wed Dec 13 18:34:36 2000 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from falla.videotron.net (falla.videotron.net [205.151.222.106]) by hub.freebsd.org (Postfix) with ESMTP id E7CEA37B698 for ; Wed, 13 Dec 2000 18:34:35 -0800 (PST) Received: from modemcable213.3-201-24.mtl.mc.videotron.ca ([24.201.3.213]) by falla.videotron.net (Sun Internet Mail Server sims.3.5.1999.12.14.10.29.p8) with ESMTP id <0G5J00LCXDTF1M@falla.videotron.net> for freebsd-net@FreeBSD.ORG; Wed, 13 Dec 2000 21:34:28 -0500 (EST) Date: Wed, 13 Dec 2000 21:35:40 -0500 (EST) From: Bosko Milekic Subject: Re: Ratelimint Enhancement patch (Please Review One Last Time!) In-reply-to: <20001213193014.J72273@elvis.mu.org> To: Bill Fumerola Cc: freebsd-net@FreeBSD.ORG Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 13 Dec 2000, Bill Fumerola wrote: > On Wed, Dec 13, 2000 at 02:42:53PM -0500, Richard A. Steenbergen wrote: > > > It could just as easily be a SYN flood against a single port... or a large > > number of clients trying to connected to your crashed web server... :P Or > > it could just as easily be an ack flood against a port without a listener > > and be showing up in the "not the ack flood" counter. > > Exactly. Bikeshedding the millions of possible reasons the queue/ratelimit > was triggered is silly. > > Bosko, please change the descriptions to something very generic before > committing them ("ratelimiting TCP RST packets: x/y pps" or something) Mike said he would do it and re-post the diff. > -- > Bill Fumerola - security yahoo / Yahoo! inc. > - fumerola@yahoo-inc.com / billf@FreeBSD.org Later, Bosko Milekic bmilekic@technokratis.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message