From owner-freebsd-stable  Sun Jan  9 12:18:37 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from web116.yahoomail.com (web116.yahoomail.com [205.180.60.89])
	by hub.freebsd.org (Postfix) with SMTP id 43DA315245
	for <freebsd-stable@freebsd.org>; Sun,  9 Jan 2000 12:18:30 -0800 (PST)
	(envelope-from holtor@yahoo.com)
Received: (qmail 20221 invoked by uid 60001); 9 Jan 2000 20:18:29 -0000
Message-ID: <20000109201829.20220.qmail@web116.yahoomail.com>
Received: from [209.191.60.54] by web116.yahoomail.com; Sun, 09 Jan 2000 12:18:29 PST
Date: Sun, 9 Jan 2000 12:18:29 -0800 (PST)
From: Holtor <holtor@yahoo.com>
Subject: Kernel Option: TCP_DROP_SYNFIN
To: freebsd-questions@freebsd.org
Cc: freebsd-stable@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've found this looking threw LINT:

# The following options add sysctl variables for
controlling how certain
# TCP packets are handled.
# 
# TCP_DROP_SYNFIN adds support for ignoring TCP
packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP
stack, but breaks support
# for RFC1644 extensions and is not recommended for
web servers.  
#  

options         TCP_DROP_SYNFIN         #drop TCP
packets with SYN+FIN  


Would this help stop SYN floods from breaking my
freebsd computer? if anyones tried it, please speak
up with any results or how it works. Thanks!

Holtor
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message