Date: 28 Jul 1999 10:56:11 +0200 From: Dag-Erling Smorgrav <des@yes.no> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: Dag-Erling Smorgrav <des@yes.no>, net@FreeBSD.ORG Subject: Re: TCP/IP hardening Message-ID: <xzpyag19mqc.fsf@des.follo.net> In-Reply-To: Garrett Wollman's message of "Tue, 27 Jul 1999 22:50:50 -0400 (EDT)" References: <xzpn1wjb1o2.fsf@des.follo.net> <199907280250.WAA06009@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes: > <<On 26 Jul 1999 22:23:41 +0200, Dag-Erling Smorgrav <des@yes.no> said: > > * net.inet.tcp.restrict_rst: if set to 1, do not emit TCP RST > > packets. Conditional on the TCP_RESTRICT_RST kernel option, which > > defaults to off. > Why would you want to break the TCP implementation? You've never run an IRC server, have you? > > * net.inet.tcp.drop_synfin: if set to 1, drop TCP packets with both > > the SYN and FIN options set. Conditional on the TCP_DROP_SYNFIN > > kernel option, which defaults to off. > Again, why would you do that? If it bothers you so much, then go > hide behind a firewall. Eats CPU. DES -- Dag-Erling Smorgrav - des@yes.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpyag19mqc.fsf>