Date: Thu, 31 May 2001 14:40:02 -0500 (CDT)
From: Mike Silbersack
To: Rob Simmons
Subject: Re: Limiting TCP RST Response Packets
Message-ID: <20010531143721.A74065-100000@achilles.silby.com>
Sender: owner-freebsd-security@FreeBSD.ORG

On Thu, 31 May 2001, Rob Simmons wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Maybe that should be mentioned in LINT?
>
> Robert Simmons
> Systems Administrator
> http://www.wlcg.com/

Changing the comment to say that the *.blackhole sysctls should be used instead, and only then very sparingly, would be a good idea, yes. RESTRICT_RST is gone from current, which is why nobody has thought about changing the comment for it in LINT.

There is one case where such blackholing may be useful at this point in time. I think I have a better solution for it, but it'll be a while before I have a patch ready. (It's not a big deal, in any case.)

Mike "Silby" Silbersack