Date: 25 Feb 2001 13:43:57 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Alexandr Kovalenko <neve_ripe@yahoo.com> Cc: Alex Hayward <xelah@xelah.com>, freebsd-stable@FreeBSD.ORG Subject: Re: Re[2]: ipfw drop syn+fin Message-ID: <xzp66hzj5ki.fsf@flood.ping.uio.no> In-Reply-To: Alexandr Kovalenko's message of "Sun, 25 Feb 2001 14:37:57 %2B0200" References: <Pine.LNX.4.10.10102231024230.15158-100000@sphinx.mythic-beasts.com> <xzpelwnj66j.fsf@flood.ping.uio.no> <15867369422.20010225143757@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexandr Kovalenko <neve_ripe@yahoo.com> writes: > So, as far as I can see there is no risk of turning up TCP_DROP_SYNFIN > on my webserver. I have minimum size of 1 file on my web about 1Kb, > most of the files are ~20-30-40 kb, will it be safe to do drop synfin? The size of the files you serve is irrelevant. It's the size of the requests that matters. But anyway, RFC1644 never went past "experimental", and T/TCP support is off by default in FreeBSD, so blocking SYN+FIN segments won't disable anything. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp66hzj5ki.fsf>