Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 9 Jan 2000 12:18:29 -0800 (PST)
From:      Holtor <holtor@yahoo.com>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-stable@freebsd.org
Subject:   Kernel Option: TCP_DROP_SYNFIN
Message-ID:  <20000109201829.20220.qmail@web116.yahoomail.com>

next in thread | raw e-mail | index | archive | help
I've found this looking threw LINT:

# The following options add sysctl variables for
controlling how certain
# TCP packets are handled.
# 
# TCP_DROP_SYNFIN adds support for ignoring TCP
packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP
stack, but breaks support
# for RFC1644 extensions and is not recommended for
web servers.  
#  

options         TCP_DROP_SYNFIN         #drop TCP
packets with SYN+FIN  


Would this help stop SYN floods from breaking my
freebsd computer? if anyones tried it, please speak
up with any results or how it works. Thanks!

Holtor
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000109201829.20220.qmail>