Geoff Rehmet writes:
> After the discussions regarding the "log_in_vain"
> sysctls, I was thinking about a feature I would
> like to implement:
>
> Instead of sending a RST (for TCP) or Port Unreachable
> (for UDP) where the box is not listening on a socket,
> I would like to implement a sysctl, which disables the
> sending of the RST or the Port unreachable. This is
> basically for public servers (like DNS servers), which
> I want to turn into black holes on ports where they
> are not listening. (This confuses things if someone
> strobes the machines, and also makes life a little
> more difficult for anyone who tries to portscan them.)
>
> In default configuration, everything would behave as per
> normal, and you would have to set a sysctl MIB before the
> behaviour that I have described is displayed.
>
> Can anyone think of any reason why this feature should
> not be implemented?
I like that idea... net.inet.{tcp,udp}.drop_in_vain ?
-Archie
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
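The behaviour proposed in the thread is modelled below as an added example; it is not code from the thread, from Whistle, or from the FreeBSD kernel. It follows the semantics FreeBSD later shipped as net.inet.tcp.blackhole and net.inet.udp.blackhole (see blackhole(4)): tcp.blackhole=1 drops SYNs to closed ports, 2 drops every segment to a closed port, and udp.blackhole=1 suppresses the ICMP port unreachable. The Probe and Host classes, the scanner functions and the DNS-only sample host are all constructed for the example, and the assumption that a listening UDP service answers the probe is a simplification.

```python
"""Model of a closed-port "black hole" sysctl and how a port scanner sees it.

Added example, not FreeBSD code. Policy values modelled (from blackhole(4)):
  tcp_blackhole = 0 -> RST for any segment to a closed port (default)
  tcp_blackhole = 1 -> drop SYNs to closed ports, RST everything else
  tcp_blackhole = 2 -> drop all segments to closed ports
  udp_blackhole = 0 -> ICMP port unreachable (default); 1 -> silent drop
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Probe:
    """One inbound packet, reduced to what the closed-port decision needs."""
    proto: str                          # "tcp" or "udp"
    dport: int
    flags: frozenset = frozenset()      # TCP flags, e.g. {"SYN"} or {"ACK"}


@dataclass
class Host:
    """A host whose closed-port policy is set by two hypothetical sysctls."""
    listening: dict = field(default_factory=dict)   # {"tcp": {53}, "udp": {53}}
    tcp_blackhole: int = 0
    udp_blackhole: int = 0

    def respond(self, p: Probe) -> Optional[str]:
        """Reply the stack sends for probe p, or None for a silent drop."""
        if p.dport in self.listening.get(p.proto, set()):
            if p.proto == "udp":
                return "UDP-REPLY"      # assumption: the service answers the probe
            # A SYN gets the handshake; any other segment with no matching
            # connection is answered with a RST regardless of the sysctl.
            return "SYN-ACK" if "SYN" in p.flags else "RST"
        # No socket bound to this port: apply the black-hole policy.
        if p.proto == "udp":
            return None if self.udp_blackhole else "ICMP-PORT-UNREACH"
        if self.tcp_blackhole == 2:
            return None                 # everything to a closed port is dropped
        if self.tcp_blackhole == 1 and "SYN" in p.flags:
            return None                 # only connection attempts are dropped
        return "RST"                    # default BSD behaviour


# How a scanner reads those replies (simplified nmap-style port states).
def syn_scan(host: Host, port: int) -> str:
    r = host.respond(Probe("tcp", port, frozenset({"SYN"})))
    return {"SYN-ACK": "open", "RST": "closed", None: "filtered"}[r]


def ack_scan(host: Host, port: int) -> str:
    """ACK scan: a RST means 'unfiltered' (host up, no firewall), silence means 'filtered'."""
    r = host.respond(Probe("tcp", port, frozenset({"ACK"})))
    return "unfiltered" if r == "RST" else "filtered"


def udp_scan(host: Host, port: int) -> str:
    r = host.respond(Probe("udp", port))
    return {"UDP-REPLY": "open", "ICMP-PORT-UNREACH": "closed", None: "open|filtered"}[r]


def scan_report(host: Host, ports) -> dict:
    """Per port: (SYN-scan state, ACK-scan state, UDP-scan state)."""
    return {p: (syn_scan(host, p), ack_scan(host, p), udp_scan(host, p)) for p in ports}


if __name__ == "__main__":
    svc = {"tcp": {53}, "udp": {53}}    # constructed: a DNS-only public server
    for name, host in [("default", Host(svc)),
                       ("blackhole=1", Host(svc, 1, 1)),
                       ("blackhole=2", Host(svc, 2, 1))]:
        print(name, scan_report(host, [53, 80]))
```

Two caveats fall out of the model. With tcp_blackhole=1 a SYN scan reports closed ports as "filtered", but an ACK probe to the same port still draws a RST, so an ACK scan shows the host is up and the port is not firewalled; only the value 2 hides that too. With tcp_blackhole=2 the host also stops sending RSTs to segments from stale connections (for instance a peer that still believes a connection survived a reboot), so that peer keeps retransmitting until its own timeout instead of being torn down immediately, which is the usual argument against enabling the stricter setting on a busy server.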