From owner-freebsd-security Thu May 31 12: 6:46 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [64.81.208.78]) by hub.freebsd.org (Postfix) with SMTP id D116A37B422 for ; Thu, 31 May 2001 12:06:41 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 54542 invoked from network); 31 May 2001 19:10:12 -0000 Received: from unknown (HELO book) (root@127.0.0.1) by 127.0.0.1 with SMTP; 31 May 2001 19:10:12 -0000 Message-ID: <003101c0ea04$d498b400$01000001@book> From: "alexus" To: "Rob Simmons" , "Liran Dahan" Cc: References: Subject: Re: Limiting TCP RST Response Packets Date: Thu, 31 May 2001 15:06:43 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org what is TCP_RESTRICT_RST do anyway? what is it for? ----- Original Message ----- From: "Rob Simmons" To: "Liran Dahan" Cc: Sent: Thursday, May 31, 2001 2:46 PM Subject: Re: Limiting TCP RST Response Packets > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > You will need to add the following line to your kernel config file, and > recompile the kernel: > > options TCP_RESTRICT_RST > > You should also read the comments about this option in the LINT file. > > Then you will need to add this line to your rc.conf file: > > tcp_restrict_rst="YES" > > or you can use the sysctl knob: > > net.inet.tcp.restrict_rst > > Robert Simmons > Systems Administrator > http://www.wlcg.com/ > > On Thu, 31 May 2001, Liran Dahan wrote: > > > Im afarid of someone trying to flood me by Connecting to me 1000 times > > and for every time like that it will send TCP Rst Reponse. Is there > > any way to Limit TCP Rst Response packets? Is there a way to Limit > > Unreach Messages (IPFW) that it wont flood me too ? > > > > -Liran Dahan- (lirandb@netvision.net.il) > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.5 (FreeBSD) > Comment: For info see http://www.gnupg.org > > iD8DBQE7FpF1v8Bofna59hYRA/uBAJ43eCmPWdjrBK3DTt1DKCnSA5k0KwCdGMAa > MgbhLld2PtM7xBxEEuXfcgc= > =7UMY > -----END PGP SIGNATURE----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message