Re: Limiting TCP RST Response Packets

From: alexus (ml@db.nexgen.com)
Date: 05/31/01


From: "alexus" <ml@db.nexgen.com>
To: "Rob Simmons" <rsimmons@wlcg.com>, "Liran Dahan" <lirandb@netvision.net.il>
Date: Thu, 31 May 2001 15:06:43 -0400

What does TCP_RESTRICT_RST do anyway?
What is it for?

----- Original Message -----
From: "Rob Simmons" <rsimmons@wlcg.com>
To: "Liran Dahan" <lirandb@netvision.net.il>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 31, 2001 2:46 PM
Subject: Re: Limiting TCP RST Response Packets

> You will need to add the following line to your kernel config file, and
> recompile the kernel:
>
> options TCP_RESTRICT_RST
>
> You should also read the comments about this option in the LINT file.
>
> Then you will need to add this line to your rc.conf file:
>
> tcp_restrict_rst="YES"
>
> or you can use the sysctl knob:
>
> net.inet.tcp.restrict_rst
>
> Robert Simmons
> Systems Administrator
> http://www.wlcg.com/
>
> On Thu, 31 May 2001, Liran Dahan wrote:
>
> > I'm afraid of someone trying to flood me by Connecting to me 1000 times
> > and for every time like that it will send TCP Rst Response. Is there
> > any way to Limit TCP Rst Response packets? Is there a way to Limit
> > Unreach Messages (IPFW) that it won't flood me too?
> >
> > -Liran Dahan- (lirandb@netvision.net.il)
> >

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
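
The two file-based settings listed in the quoted reply (the kernel config option and the rc.conf line) can be checked offline against copies of those files. This is an added example, not part of the original thread; the function names and sample files are constructed for illustration, and treating only "YES" (in any letter case) as enabled is an assumption about how the rc script reads the variable.

```shell
#!/bin/sh
# Added example (not from the thread): offline check of the kernel config
# option and the rc.conf line. File paths are supplied by the caller.

# True if FILE has an uncommented "options TCP_RESTRICT_RST" line.
has_kernel_option() {
    grep -Eq '^[[:space:]]*options[[:space:]]+TCP_RESTRICT_RST([[:space:]]|#|$)' "$1"
}

# Print the last tcp_restrict_rst assignment in FILE with double quotes and
# any trailing comment stripped (rc.conf is shell: the last assignment wins).
rc_value() {
    awk '/^[ \t]*tcp_restrict_rst=/ {
             v = $0
             sub(/^[^=]*=/, "", v)      # drop the variable name and "="
             sub(/[ \t]*#.*$/, "", v)   # drop a trailing comment
             gsub(/"/, "", v)           # drop double quotes
             last = v
         }
         END { print last }' "$1"
}

# audit_restrict_rst KERNCONF RCCONF
# returns 0: option is in the kernel config and enabled in rc.conf
#         1: option missing from the kernel config
#         2: option present, but rc.conf does not set it to YES
audit_restrict_rst() {
    if ! has_kernel_option "$1"; then
        echo "kernel: options TCP_RESTRICT_RST not found in $1"
        return 1
    fi
    case "$(rc_value "$2")" in
        [Yy][Ee][Ss]) echo "ok: option present and enabled in $2"; return 0 ;;
        *) echo "rc.conf: tcp_restrict_rst is not \"YES\" in $2"; return 2 ;;
    esac
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'machine i386\noptions INET\noptions TCP_RESTRICT_RST  # see LINT\n' > "$demo_dir/KERNEL"
printf 'hostname="example"\ntcp_restrict_rst="YES"\n' > "$demo_dir/rc.conf"
audit_restrict_rst "$demo_dir/KERNEL" "$demo_dir/rc.conf"
rm -rf "$demo_dir"
```

A result of 2 only means the setting is not enabled through rc.conf; the reply notes the sysctl knob as an alternative, which this file check does not see.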