Re: Limiting closed port RST response from 381 to 200 p

From: Sheldon Hearn (sheldonh@starjuice.net)
Date: 04/15/02


From: Sheldon Hearn <sheldonh@starjuice.net>
To: Andrew Johns <johnsa@kpi.com.au>
Date: Mon, 15 Apr 2002 16:51:51 +0200


On Tue, 16 Apr 2002 00:20:01 +1000, Andrew Johns wrote:

> Actually Sheldon I think that's a great idea - helps with
> syslog DoS somewhat as well. Anybody else care to contemplate
> making it either a default or sysctl (ICMP_BANDLIMIT_DOSLIMIT?)

In CURRENT, logging is conditional on a sysctl value; the message
format is unchanged from that of STABLE, but logging can be turned off
completely if desired. This seems to keep most people happy.

I don't think my preference (always seeing the messages, but having
syslog coalesce them) is representative of the majority of folks to whom
this matters.

Ciao,
Sheldon.
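The behaviour discussed above (a kernel bandlimit message that repeats each second, which Sheldon would rather have syslog coalesce), as an added Python example that is not part of the original thread. The log lines are constructed; their message text follows the format the subject line quotes, and the icmp unreach variant, the hostnames and the spike threshold are assumptions.

```python
import re

# Constructed sample log (not from the thread). The kernel lines follow the
# "Limiting ... response from N to M packets/sec" format the subject quotes.
SAMPLE_LOG = """\
Apr 15 16:40:01 host kernel: Limiting closed port RST response from 381 to 200 packets/sec
Apr 15 16:40:02 host kernel: Limiting closed port RST response from 381 to 200 packets/sec
Apr 15 16:40:03 host kernel: Limiting closed port RST response from 381 to 200 packets/sec
Apr 15 16:40:04 host kernel: Limiting icmp unreach response from 250 to 200 packets/sec
Apr 15 16:40:05 host kernel: Limiting closed port RST response from 1200 to 200 packets/sec
Apr 15 16:40:05 host sshd[123]: Accepted publickey for admin from 10.0.0.5
"""

LIMIT_RE = re.compile(
    r"Limiting (?P<kind>.+?) response from (?P<seen>\d+) to (?P<limit>\d+) packets/sec"
)


def parse_limit_events(log_text):
    """Return (timestamp, kind, seen_rate, limit) for every bandlimit message."""
    events = []
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if not m:
            continue  # unrelated log line
        ts = " ".join(line.split()[:3])  # "Apr 15 16:40:01"
        events.append((ts, m["kind"], int(m["seen"]), int(m["limit"])))
    return events


def coalesce(events):
    """Collapse consecutive identical messages, syslog-style, into ((kind, seen, limit), count)."""
    out = []
    for _ts, kind, seen, limit in events:
        key = (kind, seen, limit)
        if out and out[-1][0] == key:
            out[-1] = (key, out[-1][1] + 1)  # "last message repeated N times"
        else:
            out.append((key, 1))
    return out


def flag_spikes(events, factor=5):
    """Return events whose observed rate is at least `factor` times the limit (assumed threshold)."""
    return [e for e in events if e[2] >= factor * e[3]]
```

Run on the sample, the three identical 381-to-200 lines collapse into one entry with a count of three, and only the 1200-to-200 burst is flagged.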
