From owner-freebsd-current Mon Aug 16 18:33:35 1999
Delivered-To: freebsd-current@freebsd.org
Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 068A91546F
	for ; Mon, 16 Aug 1999 18:33:31 -0700 (PDT)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.2/8.9.2) id SAA25256;
	Mon, 16 Aug 1999 18:33:52 -0700 (PDT)
From: Archie Cobbs
Message-Id: <199908170133.SAA25256@bubba.whistle.com>
Subject: Re: Dropping connections without RST
In-Reply-To: from Geoff Rehmet at "Aug 16, 1999 10:26:00 am"
To: geoffr@is.co.za (Geoff Rehmet)
Date: Mon, 16 Aug 1999 18:33:51 -0700 (PDT)
Cc: current@FreeBSD.ORG ('current@freebsd.org')
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Geoff Rehmet writes:
> After the discussions regarding the "log_in_vain"
> sysctls, I was thinking about a feature I would
> like to implement:
>
> Instead of sending a RST (for TCP) or Port Unreachable
> (for UDP) where the box is not listening on a socket,
> I would like to implement a sysctl, which disables the
> sending of the RST or the Port unreachable. This is
> basically for public servers (like DNS servers), which
> I want to turn into black holes on ports where they
> are not listening. (This confuses things if someone
> strobes the machines, and also makes life a little
> more difficult for anyone who tries to portscan them.)
>
> In default configuration, everything would behave as per
> normal, and you would have to set a sysctl MIB before the
> behaviour that I have described is displayed.
>
> Can anyone think of any reason why this feature should
> not be implemented?

I like that idea...

  net.inet.{tcp,udp}.drop_in_vain ?

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com