Date: Sun, 12 Dec 1999 22:27:48 +0100
From: Brad Knowles <blk@skynet.be>
To: <greg@snickers.org>, "freebsd" <freebsd-stable@FreeBSD.ORG>
Subject: Re: SYN Hardening patches? / SYN Code in 3.4-RC
Message-ID: <v04220802b479c33d8d5c@[195.238.24.135]>
In-Reply-To: <NDBBKDPPPIAOMPHNGECCGEPJCBAA.greg@snickers.org>
References: <NDBBKDPPPIAOMPHNGECCGEPJCBAA.greg@snickers.org>

At 3:16 PM -0500 1999/12/12, Greg Prosser wrote:

> I'm hoping that increasing maxusers to 512, and bumping NMBCLUSTERS to 4096
> is going to provide some help, but somehow I doubt it. (1MB/s of SYN packets
> coming in does not fare well, and the unplanned boots are wreaking havoc on
> my filesystems).

It was my understanding that there was a problem with setting
maxusers above 128 (at least on 3.2-RELEASE). I haven't exceeded 128
on any of my boxes, although I have increased NMBCLUSTERS to 16384 on
the one box where I got those kinds of errors under heavy load.

> # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
> # prevents nmap et al. from identifying the TCP/IP stack, but breaks support
> # for RFC1644 extensions and is not recommended for web servers.

Huh. I'd be real interested to know how ignoring SYN+FIN breaks
support for RFC1644 or causes problems for web servers.

--
These are my opinions -- not to be taken as official Skynet policy
 ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Unix is very user-friendly. It's just picky who its friends are.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message