Re: Defense against "Code Rainbow"

From: Brett Glass (brett@lariat.org)
Date: 09/19/01


Date: Wed, 19 Sep 2001 14:37:10 -0600
To: Erick Mechler <emechler@techometer.net>
From: Brett Glass <brett@lariat.org>

At 11:55 AM 9/19/2001, Erick Mechler wrote:

>What about using TCP wrapers? I'm not sure of the performance implications
>of doing so, but maybe it's worth a shot.

Apache doesn't play very well with TCP wrappers, as it likes to manage its
own sockets and process pool. Also, a wrapper wouldn't eliminate the overhead of
opening a socket. I'm trying to block the packets before that happens.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message