From owner-freebsd-net  Wed Jul 28  1:58:11 1999
Delivered-To: freebsd-net@freebsd.org
Received: from des.follo.net (des.follo.net [195.204.143.216])
	by hub.freebsd.org (Postfix) with ESMTP id 2D01A1523E
	for <net@FreeBSD.ORG>; Wed, 28 Jul 1999 01:58:07 -0700 (PDT)
	(envelope-from des@des.follo.net)
Received: (from des@localhost)
	by des.follo.net (8.9.3/8.9.3) id KAA61450;
	Wed, 28 Jul 1999 10:56:11 +0200 (CEST)
	(envelope-from des)
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: Dag-Erling Smorgrav <des@yes.no>, net@FreeBSD.ORG
Subject: Re: TCP/IP hardening
References: <xzpn1wjb1o2.fsf@des.follo.net> <199907280250.WAA06009@khavrinen.lcs.mit.edu>
Organization: Yes Interactive
Visit-Us-At: http://www.yes.no/
From: Dag-Erling Smorgrav <des@yes.no>
Date: 28 Jul 1999 10:56:11 +0200
In-Reply-To: Garrett Wollman's message of "Tue, 27 Jul 1999 22:50:50 -0400 (EDT)"
Message-ID: <xzpyag19mqc.fsf@des.follo.net>
Lines: 20
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes:
> <<On 26 Jul 1999 22:23:41 +0200, Dag-Erling Smorgrav <des@yes.no> said:
> >  * net.inet.tcp.restrict_rst: if set to 1, do not emit TCP RST
> >    packets. Conditional on the TCP_RESTRICT_RST kernel option, which
> >    defaults to off.
> Why would you want to break the TCP implementation?

You've never run an IRC server, have you?

> >  * net.inet.tcp.drop_synfin: if set to 1, drop TCP packets with both
> >    the SYN and FIN options set. Conditional on the TCP_DROP_SYNFIN
> >    kernel option, which defaults to off.
> Again, why would you do that?  If it bothers you so much, then go
> hide behind a firewall.

Eats CPU.

DES
-- 
Dag-Erling Smorgrav - des@yes.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message