Re: Limiting closed port RST response from 381 to 200 p

From: Andrew Johns (johnsa@kpi.com.au)
Date: 04/15/02


Date: Tue, 16 Apr 2002 00:20:01 +1000
From: Andrew Johns <johnsa@kpi.com.au>
To: Sheldon Hearn <sheldonh@starjuice.net>

Sheldon Hearn wrote:

>
> You lose the "severity at a glance" value of the messages this way, but
> I don't find them useful enough to warrant the mess in
> /var/log/messages.
>
> Ciao,
> Sheldon.
>
> Index: ip_icmp.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v
> retrieving revision 1.39.2.16
> diff -u -d -r1.39.2.16 ip_icmp.c
> --- ip_icmp.c 22 Mar 2002 16:54:18 -0000 1.39.2.16
> +++ ip_icmp.c 15 Apr 2002 13:39:53 -0000
> @@ -862,9 +862,8 @@
>
> if ((unsigned int)dticks > hz) {
> if (lpackets[which] > icmplim) {

> - printf("%s from %d to %d packets per second\n",

> + printf("%s to %d packets per second\n",

> bandlimittype[which],
> - lpackets[which],
> icmplim
> );
> }
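Review bot: dropping `lpackets[which]` from the printf makes consecutive log lines identical, so the gain here comes from syslogd collapsing them into "last message repeated N times" rather than from fewer calls to printf; the message still fires every time `lpackets[which] > icmplim` holds for a `dticks > hz` window. Two caveats worth noting in the commit message: the collapsing only works for consecutive identical lines, so when more than one `bandlimittype[which]` trips in the same period the alternating messages will not be merged, and the observed rate (the only field telling an admin how far over `icmplim` the host was) is lost entirely. If the goal is quieter logs, gating the printf behind a sysctl or emitting it only on the first exceedance keeps the count available while still limiting volume; the argument list is consistent with the new format string, so the change is otherwise correct.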

Actually, Sheldon, I think that's a great idea - helps with
syslog DoS somewhat as well. Anybody else care to contemplate
making it either a default or sysctl (ICMP_BANDLIMIT_DOSLIMIT?)

AJ

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message