From owner-freebsd-hackers Sat Jan 5 18:28:40 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by hub.freebsd.org (Postfix) with ESMTP id E0F6437B420 for ; Sat, 5 Jan 2002 18:28:20 -0800 (PST) Received: from user-38lc2j1.dialup.mindspring.com ([209.86.10.97] helo=gohan.cjclark.org) by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16N32k-0006KK-00; Sat, 05 Jan 2002 18:28:16 -0800 Received: (from cjc@localhost) by gohan.cjclark.org (8.11.6/8.11.1) id g060d0V09332; Sat, 5 Jan 2002 16:39:00 -0800 (PST) (envelope-from cjc) Date: Sat, 5 Jan 2002 16:39:00 -0800 From: "Crist J. Clark" To: Leo Bicknell Cc: "Rogier R. Mulhuijzen" , freebsd-hackers@FreeBSD.ORG Subject: Re: path_mtu_discovery Message-ID: <20020105163900.E204@gohan.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <5.1.0.14.0.20020105011436.01d16058@mail.drwilco.net> <20020105000816.GA54166@ussenterprise.ufp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020105000816.GA54166@ussenterprise.ufp.org>; from bicknell@ufp.org on Fri, Jan 04, 2002 at 07:08:16PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jan 04, 2002 at 07:08:16PM -0500, Leo Bicknell wrote: > In a message written on Sat, Jan 05, 2002 at 01:14:45AM +0100, Rogier R. Mulhuijzen wrote: > > If we're on the internet yes. If you're in an environment other than one > > connected to the internet (do those even exist ) no. > > Hence my tuneable sysctl idea. > > I'll support a sysctl, however I'll also be quite insistant that > our defaults match the Internet. I'm fairly sure more FreeBSD > boxes are connected to the Internet than any other network. :-) I'd support it if anyone actually has any credible evidence that such attacks have ever occured. Or if there is are plausible ways to attack that don't require someone to sniff and inject into a connection in which the victim is participating (if you can do that, you can do much worse). The typical SYN flood or DDOS are real threats. This thread (and the previous ones like the one Darren started a few months back) have already expended more energy on the issue than the threat warrants. -- "It's always funny until someone gets hurt. Then it's hilarious." Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message