Date: 22 Jan 2000 06:35:43 +0100 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG Subject: Re: Some observations on stream.c and streamnt.c Message-ID: <xzpg0vqllcg.fsf@flood.ping.uio.no> In-Reply-To: Matthew Dillon's message of "Fri, 21 Jan 2000 18:45:07 -0800 (PST)" References: <4.2.2.20000120194543.019a8d50@localhost> <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com> <20000121162757.A7080@osaka.louisville.edu> <xzpk8l2lul4.fsf@flood.ping.uio.no> <200001220245.SAA66403@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon <dillon@apollo.backplane.com> writes: > Second, you purport that TCP_RESTRICT_RST is a better solution. > I'll tell you something about TCP_RESTRICT_RST: It's garbage. It should > never have been committed into the tree. It takes out *EVERY* single > goddamn RST response in the entire TCP input chain, even the ones that > couldn't possibly be related to an attack. It does it *all the time*, > whether the machine is under attack or not. 1) don't teach me how TCP_RESTRICT_RST works. I wrote it. 2) it's not meant for protecting against attacks. You can figure the rest out for yourself. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpg0vqllcg.fsf>