Date: Mon, 15 Apr 2002 19:03:35 -0500 (CDT) From: hawkeyd@visi.com (D J Hawkey Jr) To: sheldonh@starjuice.net, freebsd-security@freebsd.org Subject: Re: Limiting closed port RST response from 381 to 200 p Message-ID: <200204160003.g3G03Z501882@sheol.localdomain> In-Reply-To: <13814.1018882311_axl.seasidesoftware.co.za@ns.sol.net> References: <13814.1018882311_axl.seasidesoftware.co.za@ns.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <13814.1018882311_axl.seasidesoftware.co.za@ns.sol.net>, sheldonh@starjuice.net writes: > > > On Tue, 16 Apr 2002 00:20:01 +1000, Andrew Johns wrote: > >> Actually Sheldon I think that's a great idea - helps with >> syslog DoS somewhat as well. Anybody else care to contemplate >> making it either a default or sysctl (ICMP_BANDLIMIT_DOSLIMIT?) > > In CURRENT, logging is conditional on a sysctl value; the message > format is unchanged from that of STABLE, but logging can be turned off > completely if desired. This seems to keep most people happy. > > I don't think my preference (always seeing the messages, but having > syslog coalesce them) is representative of the majority of folks to whom > this matters. Here's one that agrees with you, especially if I'm monitoring with root-tail; the coalescing is a welcomed feature as far as I'm concerned. > Ciao, > Sheldon. Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204160003.g3G03Z501882>