On Tue, Nov 08, 2005 at 11:02:25AM -0800, Lars Eggert wrote: > Thus, I'd like to suggest that the default for > net.inet.tcp.insecure_rst be zero for now. AFAIK, any other TCP mod > came disabled be default in the past, too.
Being on the wrong end of a distributed tcp syn flood attack atm. on the machine I'm mailing from, is probably enough to convince me of its use. :-) I hardly notice anything on the machine, except for having to move the sshd to ipv6 only... Marc
pgpcdcp3qmmQh.pgp
Description: PGP signature
