Date: Wed, 21 Jun 2000 17:28:37 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: John F Cuzzola <vdrifter@ocis.ocis.net>
Cc: Maksimov Maksim <maksim@tts.tomsk.su>, freebsd-security@FreeBSD.ORG
Subject: Re: How defend from stream2.c attack?
Message-ID: <Pine.BSF.4.21.0006211657040.61537-100000@achilles.silby.com>
In-Reply-To: <Pine.LNX.4.21.0006210959020.5119-100000@ocis.ocis.net>
On Wed, 21 Jun 2000, John F Cuzzola wrote:

> Hi There,
> Thanks for the information. I use a lot of FreeBSD servers as dedicated
> firewalls and as such am very interested in this kind of information. I
> have set net.inet.icmp.icmplim down to 20 (it was set at 200) as
> recommended and was wondering what exactly does this variable do? Also do
> you recommend compiling the kernel with the restrict RST option as well
> and what are the implications of doing so? (ie: what does it break?)

Well, in short, RSTs are sent in response to unexpected packets, such as those seen when someone's attacking your box in certain manners, or in response to connections to ports which aren't open. They're not much needed, which is why you can get away with totally eliminating the sending of them as Brett suggests. However, just to be more polite in the case that a legitimate misconnection is made, it's better to leave them enabled.

As for what's an appropriate setting for how many a second to send max... how many bad connections do you expect to be made to your system per second?

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
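As an added illustration of what a per-second limit like net.inet.icmp.icmplim does (this is not code from the thread or from the FreeBSD kernel), the model below gates unsolicited responses to closed ports and shows how a flood is capped while an ordinary misconnection in a later second still gets its RST; the fixed one-second window, the `ResponseLimiter`/`simulate` names and the sample traffic are constructed assumptions.

```python
"""Simplified model of what net.inet.icmp.icmplim limits: an added
illustration, not FreeBSD kernel code. A per-second counter gates
unsolicited responses (TCP RST to a closed port, ICMP unreachable); the
fixed one-second window is an assumption, not the kernel's exact algorithm."""
from collections import namedtuple

Packet = namedtuple("Packet", "t src dport")   # arrival time (s), source, dst port

class ResponseLimiter:
    """Allow at most `limit` unsolicited responses per one-second window."""

    def __init__(self, limit):
        self.limit = limit      # analogue of net.inet.icmp.icmplim
        self.window = None      # integer second currently being counted
        self.count = 0          # responses sent in this window
        self.suppressed = 0     # responses the limiter refused to send

    def allow(self, t):
        sec = int(t)
        if sec != self.window:  # new second: start a fresh count
            self.window, self.count = sec, 0
        if self.count < self.limit:
            self.count += 1
            return True
        self.suppressed += 1
        return False

def simulate(packets, open_ports, limit):
    """Return (rsts_sent, rsts_suppressed) for packets aimed at closed ports."""
    lim = ResponseLimiter(limit)
    sent = 0
    for p in packets:
        if p.dport in open_ports:
            continue            # a listening service answers; no RST needed
        if lim.allow(p.t):
            sent += 1
    return sent, lim.suppressed

def constructed_traffic():
    """Constructed sample: a stray connect, a 1000-packet flood, a later stray."""
    pkts = [Packet(0.1, "192.0.2.10", 8080)]
    pkts += [Packet(0.5 + i / 2000.0, "203.0.113.%d" % (i % 250), 1024 + i % 64)
             for i in range(1000)]              # whole flood lands in second 0
    pkts.append(Packet(2.3, "192.0.2.11", 8080))  # legitimate misconnection later
    return pkts

if __name__ == "__main__":
    for limit in (200, 20):
        sent, dropped = simulate(constructed_traffic(), {22, 80}, limit)
        print("icmplim=%d: %d RSTs sent, %d suppressed" % (limit, sent, dropped))
```

With the limit at 20 the flood still gets only 20 responses in its second, and the stray connection at t=2.3 is answered either way, which is the "what does it break" answer in miniature: nothing legitimate, only the volume of replies to junk.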