From owner-freebsd-current Mon Aug 16 1:23:55 1999
Delivered-To: freebsd-current@freebsd.org
Received: from mercury.is.co.za (mercury.is.co.za [196.4.160.222]) by hub.freebsd.org (Postfix) with ESMTP id 0B05014F5C for ; Mon, 16 Aug 1999 01:23:48 -0700 (PDT) (envelope-from geoffr@is.co.za)
Received: from ISJHBEX (isjhbexnode.is.co.za [196.26.1.2]) by mercury.is.co.za (8.9.3/8.9.3) with ESMTP id JAA28219 for ; Mon, 16 Aug 1999 09:17:05 +0200
Received: by isjhbex.is.co.za with Internet Mail Service (5.5.2448.0) id ; Mon, 16 Aug 1999 10:26:03 +0200
Message-ID:
From: Geoff Rehmet
To: "'current@freebsd.org'"
Subject: Dropping connections without RST
Date: Mon, 16 Aug 1999 10:26:00 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

After the discussions regarding the "log_in_vain" sysctls, I was thinking about a feature I would like to implement:

Instead of sending a RST (for TCP) or Port Unreachable (for UDP) where the box is not listening on a socket, I would like to implement a sysctl which disables the sending of the RST or the Port Unreachable.

This is basically for public servers (like DNS servers), which I want to turn into black holes on ports where they are not listening. (This confuses things if someone strobes the machines, and also makes life a little more difficult for anyone who tries to portscan them.)

In default configuration, everything would behave as per normal, and you would have to set a sysctl MIB before the behaviour that I have described is displayed.

Can anyone think of any reason why this feature should not be implemented?

Geoff.
--
Geoff Rehmet, The Internet Solution - Infrastructure
tel: +27-11-283-5462, fax: +27-11-283-5401
mobile: +27-83-292-5800
email: geoffr@is.co.za
URL: http://www.is.co.za
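The closed-port response policy the mail proposes, modelled as an added Python example (not code from the mail or from FreeBSD). It generalises the single on/off switch to the 0/1/2 values that the net.inet.tcp.blackhole sysctl FreeBSD later shipped uses, and the Packet type, PROBES list and function names are constructed for illustration.

```python
from dataclasses import dataclass

RST, UNREACH, DROP = "RST", "ICMP_PORT_UNREACH", "DROP"

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    dport: int
    flags: str = ""   # TCP flag letters, e.g. "S", "SA", "R", "A"

def closed_port_response(pkt, tcp_blackhole=0, udp_blackhole=0):
    """Reply the stack sends for a packet to a port with no listening socket.
    tcp_blackhole: 0 = always RST (the default), 1 = drop SYN segments only,
    2 = drop every segment (values assumed from FreeBSD's blackhole(4)).
    udp_blackhole: 0 = ICMP port unreachable, 1 = drop silently."""
    if pkt.proto == "udp":
        return DROP if udp_blackhole else UNREACH
    if "R" in pkt.flags:
        return DROP   # RFC 793: a segment carrying RST never triggers a RST
    if tcp_blackhole >= 2:
        return DROP
    if tcp_blackhole == 1 and "S" in pkt.flags:
        return DROP
    return RST

def observer_state(response):
    """A silent drop is indistinguishable from a packet filter, so the remote
    side can only call the port 'filtered'; any RST/unreachable says 'closed'."""
    return "filtered" if response == DROP else "closed"

def scan_view(packets, tcp_blackhole=0, udp_blackhole=0):
    """Map (proto, port) -> state a remote probe would infer."""
    return {(p.proto, p.dport): observer_state(
                closed_port_response(p, tcp_blackhole, udp_blackhole))
            for p in packets}

# Constructed sample probes against ports this host is not listening on.
PROBES = [
    Packet("tcp", 22, "S"),
    Packet("tcp", 25, "A"),   # stray ACK, e.g. from a stale connection
    Packet("tcp", 80, "R"),
    Packet("udp", 53),
]

if __name__ == "__main__":
    for mode in (0, 1, 2):
        print("tcp_blackhole=%d:" % mode,
              scan_view(PROBES, tcp_blackhole=mode, udp_blackhole=int(mode > 0)))
```

The operational cost the model makes visible: once the RST is suppressed, a legitimate client that connects to a closed port no longer gets an immediate refusal but retransmits its SYN until its own connect timeout expires.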