Date:      22 Jan 2000 06:35:43 +0100
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: Some observations on stream.c and streamnt.c
Message-ID:  <xzpg0vqllcg.fsf@flood.ping.uio.no>
In-Reply-To: Matthew Dillon's message of "Fri, 21 Jan 2000 18:45:07 -0800 (PST)"
References:  <4.2.2.20000120194543.019a8d50@localhost> <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com> <20000121162757.A7080@osaka.louisville.edu> <xzpk8l2lul4.fsf@flood.ping.uio.no> <200001220245.SAA66403@apollo.backplane.com>

Matthew Dillon <dillon@apollo.backplane.com> writes:
>     Second, you purport that TCP_RESTRICT_RST is a better solution.
>     I'll tell you something about TCP_RESTRICT_RST:  It's garbage.  It should
>     never have been committed into the tree.  It takes out *EVERY* single
>     goddamn RST response in the entire TCP input chain, even the ones that
>     couldn't possibly be related to an attack.  It does it *all the time*,
>     whether the machine is under attack or not.

1) don't teach me how TCP_RESTRICT_RST works. I wrote it.

2) it's not meant for protecting against attacks.

You can figure the rest out for yourself.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

