Date:      25 Feb 2001 13:43:57 +0100
From:      Dag-Erling Smorgrav <des@ofug.org>
To:        Alexandr Kovalenko <neve_ripe@yahoo.com>
Cc:        Alex Hayward <xelah@xelah.com>, freebsd-stable@FreeBSD.ORG
Subject:   Re: Re[2]: ipfw drop syn+fin
Message-ID:  <xzp66hzj5ki.fsf@flood.ping.uio.no>
In-Reply-To: Alexandr Kovalenko's message of "Sun, 25 Feb 2001 14:37:57 +0200"
References:  <Pine.LNX.4.10.10102231024230.15158-100000@sphinx.mythic-beasts.com> <xzpelwnj66j.fsf@flood.ping.uio.no> <15867369422.20010225143757@yahoo.com>

Alexandr Kovalenko <neve_ripe@yahoo.com> writes:
> So, as far as I can see there is no risk of turning up TCP_DROP_SYNFIN
> on my webserver. I have minimum size of 1 file on my web about 1Kb,
> most of the files are ~20-30-40 kb, will it be safe to do drop synfin?

The size of the files you serve is irrelevant. It's the size of the
requests that matters. But anyway, RFC1644 never went past
"experimental", and T/TCP support is off by default in FreeBSD, so
blocking SYN+FIN segments won't disable anything.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
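
The check that a "drop SYN+FIN" rule performs on each packet, as an added example (not part of the original message and not FreeBSD's kernel or ipfw code). The names classify_ipv4, make_packet and the verdict values are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F_FIN 0x01
#define F_SYN 0x02

enum verdict { PASS = 0, DROP_SYNFIN = 1, MALFORMED = 2 };

/* Classify one raw IPv4 packet the way a "drop SYN+FIN" rule would. */
enum verdict classify_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP header length */
    if (ihl < 20 || len < ihl)
        return MALFORMED;
    if (pkt[9] != 6)                                 /* not TCP */
        return PASS;
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff) /* later fragment: no TCP header */
        return PASS;
    if (len < ihl + 20)                              /* truncated TCP header */
        return MALFORMED;
    uint8_t flags = pkt[ihl + 13];
    if ((flags & (F_SYN | F_FIN)) == (F_SYN | F_FIN))
        return DROP_SYNFIN;                          /* both SYN and FIN set */
    return PASS;
}

/* Constructed sample: minimal 40-byte IPv4+TCP packet with the given flags. */
void make_packet(uint8_t out[40], uint8_t tcp_flags)
{
    memset(out, 0, 40);
    out[0] = 0x45;          /* IPv4, IHL 5 */
    out[3] = 40;            /* total length */
    out[9] = 6;             /* protocol TCP */
    out[20 + 12] = 0x50;    /* TCP data offset 5 */
    out[20 + 13] = tcp_flags;
}

int main(void)
{
    /* SYN, SYN+ACK, FIN+ACK, SYN+FIN, SYN+FIN+PSH+ACK */
    const uint8_t samples[] = { 0x02, 0x12, 0x11, 0x03, 0x1b };
    uint8_t p[40];
    for (size_t i = 0; i < sizeof samples; i++) {
        make_packet(p, samples[i]);
        printf("flags 0x%02x -> %d\n", samples[i], classify_ipv4(p, sizeof p));
    }
    return 0;
}
```

Only segments with both bits set are dropped; an ordinary handshake (SYN, SYN+ACK) and an ordinary close (FIN+ACK) pass, which is why the rule costs nothing when T/TCP is not in use.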
