Re: Limiting closed port RST response from 381 to 200 p

From: D J Hawkey Jr (hawkeyd@visi.com)
Date: 04/16/02


Date: Mon, 15 Apr 2002 19:03:35 -0500 (CDT)
From: hawkeyd@visi.com (D J Hawkey Jr)
To: sheldonh@starjuice.net, freebsd-security@freebsd.org

In article <13814.1018882311_axl.seasidesoftware.co.za@ns.sol.net>,
        sheldonh@starjuice.net writes:
>
>
> On Tue, 16 Apr 2002 00:20:01 +1000, Andrew Johns wrote:
>
>> Actually Sheldon I think that's a great idea - helps with
>> syslog DoS somewhat as well. Anybody else care to contemplate
>> making it either a default or sysctl (ICMP_BANDLIMIT_DOSLIMIT?)
>
> In CURRENT, logging is conditional on a sysctl value; the message
> format is unchanged from that of STABLE, but logging can be turned off
> completely if desired. This seems to keep most people happy.
>
> I don't think my preference (always seeing the messages, but having
> syslog coalesce them) is representative of the majority of folks to whom
> this matters.

Here's one that agrees with you, especially if I'm monitoring with
root-tail; the coalescing is a welcomed feature as far as I'm concerned.

> Ciao,
> Sheldon.

Dave

-- 
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"