TCP RST handling in 6.0
Marc Olzheim
marcolz at stack.nl
Tue Nov 8 12:46:06 PST 2005
On Tue, Nov 08, 2005 at 11:02:25AM -0800, Lars Eggert wrote:
> Thus, I'd like to suggest that the default for
> net.inet.tcp.insecure_rst be zero for now. AFAIK, any other TCP mod
> came disabled be default in the past, too.
Being on the wrong end of a distributed tcp syn flood attack atm. on the
machine I'm mailing from, is probably enough to convince me of its use.
:-)
I hardly notice anything on the machine, except for having to move the
sshd to ipv6 only...
Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20051108/ccafca07/attachment.bin
More information about the freebsd-net
mailing list