From: "William Wong"
Delivered-To: freebsd-questions@freebsd.org
Subject: man 4 blackhole
Date: Tue, 12 Jun 2001 00:10:20 -0400
Message-ID: <006801c0f2f5$98bce740$0300a8c0@anime.ca>

Hi there,

I'm looking at the man page and I don't see a difference between setting net.inet.tcp.blackhole to either 1 or 2. Here's a section from the manpage.

"Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a RST segment, and drop the connection. The connecting system will see this as a "Connection reset by peer". By turning the TCP black hole MIB on to a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole. By setting the MIB value to two, any segment arriving on a closed port is dropped without returning a RST. This provides some degree of protection against stealth port scans."

Since I'm sure option 2 isn't there for no reason, I must be interpreting this wrong. Anyone know the difference?

Regards,
- Will
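
The distinction the quoted manual text draws between the two values, as an added example that is not part of the original message and is not FreeBSD's own code: a C model of what comes back for a segment sent to a closed port. The function names and the constructed probe list are assumptions of this sketch, and the rule that an incoming RST is never answered comes from general TCP behaviour rather than from the man page.

```c
#include <stdio.h>

/* Standard TCP header flag bits. */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

enum reply { REPLY_RST, REPLY_NONE };

/* Hypothetical model: reply to a segment that arrives on a port with no
 * listening socket, for net.inet.tcp.blackhole = 0, 1 or 2. */
enum reply closed_port_reply(int blackhole, unsigned flags)
{
    if (flags & TH_RST)
        return REPLY_NONE;          /* a RST is never answered with a RST */
    if (blackhole == 2)
        return REPLY_NONE;          /* 2: any segment is dropped silently */
    if (blackhole == 1 && (flags & TH_SYN))
        return REPLY_NONE;          /* 1: only SYN segments are dropped */
    return REPLY_RST;               /* normal behaviour: send a RST */
}

/* Constructed sample segments: a connection attempt plus the flag
 * combinations that carry no SYN (the "stealth" case in the man page). */
struct probe { const char *name; unsigned flags; };
static const struct probe probes[] = {
    { "SYN",         TH_SYN },
    { "FIN",         TH_FIN },
    { "no flags",    0 },
    { "FIN+PSH+URG", TH_FIN | TH_PUSH | TH_URG },
    { "ACK",         TH_ACK },
};
#define NPROBES (sizeof probes / sizeof probes[0])

/* Number of sample segments that still get a RST, i.e. that still tell
 * the sender the port is closed. */
int answered_probes(int blackhole)
{
    int n = 0;
    for (size_t i = 0; i < NPROBES; i++)
        if (closed_port_reply(blackhole, probes[i].flags) == REPLY_RST)
            n++;
    return n;
}

int main(void)
{
    for (int bh = 0; bh <= 2; bh++)
        printf("blackhole=%d: %d of %zu sample segments answered with RST\n",
               bh, answered_probes(bh), NPROBES);
    return 0;
}
```

With the value 1 only the SYN goes unanswered, so segments without SYN still reveal the closed port; with 2 none of the sample segments gets a reply.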