Date: 25 Feb 2001 13:45:53 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Alexandr Kovalenko <neve_ripe@yahoo.com> Cc: Alex Hayward <xelah@xelah.com>, freebsd-stable@FreeBSD.ORG Subject: Re: Re[2]: ipfw drop syn+fin Message-ID: <xzp1ysnj5ha.fsf@flood.ping.uio.no> In-Reply-To: Dag-Erling Smorgrav's message of "25 Feb 2001 13:43:57 %2B0100" References: <Pine.LNX.4.10.10102231024230.15158-100000@sphinx.mythic-beasts.com> <xzpelwnj66j.fsf@flood.ping.uio.no> <15867369422.20010225143757@yahoo.com> <xzp66hzj5ki.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav <des@ofug.org> writes: > The size of the files you serve is irrelevant. It's the size of the > requests that matters. But anyway, RFC1644 never went past > "experimental", and T/TCP support is off by default in FreeBSD, so > blocking SYN+FIN segments won't disable anything. One thing I should add, though - there's no real reason to block SYN+FIN segments unless you have a serious reason to believe that your machine is a high-profile target for script and packet kiddies. The TCP_DROP_SYNFIN option was developed for EFNet IRC servers. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp1ysnj5ha.fsf>