From owner-cvs-all  Thu Feb 17 10:57:32 2000
Delivered-To: cvs-all@freebsd.org
Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87])
	by hub.freebsd.org (Postfix) with ESMTP
	id B7C6837B7DC; Thu, 17 Feb 2000 10:57:27 -0800 (PST)
	(envelope-from dcs@newsguy.com)
Received: from newsguy.com (dcs@p35-dn02kiryunisiki.gunma.ocn.ne.jp [211.0.245.100])
	by peach.ocn.ne.jp (8.9.1a/OCN) with ESMTP id DAA29758;
	Fri, 18 Feb 2000 03:57:21 +0900 (JST)
Message-ID: <38AC4459.3844ADBA@newsguy.com>
Date: Fri, 18 Feb 2000 03:56:25 +0900
From: "Daniel C. Sobral" <dcs@newsguy.com>
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en,pt-BR,ja
MIME-Version: 1.0
To: "Jordan K. Hubbard" <jkh@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc hosts.allow
References: <200002170452.UAA27223@freefall.freebsd.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

"Jordan K. Hubbard" wrote:
> 
> jkh         2000/02/16 20:52:24 PST
> 
>   Modified files:
>     etc                  hosts.allow
>   Log:
>   The default rule in this file actually sent mail to root as its default
>   action when denying access to a service.  Unfortunately, this also makes
>   a dandy denial-of-service attack possible.  Change to just log the event
>   and shoot a "go away" response back down the socket.

Isn't silently dropping the packet a much more efficient way of dealing
with DoS attacks?

--
Daniel C. Sobral			(8-DCS)
dcs@newsguy.com
dcs@freebsd.org

	"If you consider our help impolite, you should see the manager."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message