On Wed, Aug 08, 2001 at 01:15:31PM +0800, David Xu wrote:
> my opinion is don't use accept filter, it can become DOS attack target.
> sending a big http header and don't complete it, it does not let apache know a
>connection
> is already made and there is no timeout counter like which in Apache
Christopher Ellwood wrote:
>
> On Tue, 7 Aug 2001, Alfred Perlstein wrote:
>
> > This is somewhat true, however your machine seems to be configured
> > quite poorly.
> >
> > Having a low amount of NMBCLUSTERS (1024) and at the same time keeping
> > an unbounded (or at least large) listen queue (
On Tue, 7 Aug 2001, Alfred Perlstein wrote:
> This is somewhat true, however your machine seems to be configured
> quite poorly.
>
> Having a low amount of NMBCLUSTERS (1024) and at the same time keeping
> an unbounded (or at least large) listen queue (listen(fd,-1)) is
> not advised, especially
my opinion is don't use accept filter, it can become DOS attack target.
sending a big http header and don't complete it, it does not let apache know a
connection
is already made and there is no timeout counter like which in Apache server.
using an accept filter can not get so much benifit.
--
* Christopher Ellwood <[EMAIL PROTECTED]> [010807 23:42] wrote:
> The Code Red II worm seems to have a negative impact on FreeBSD machines
> with HTTP Accept Filtering enabled either statically in the kernel or via
> modules.
>
> The man page for accf_http states that:
>
> It prevents the a
The Code Red II worm seems to have a negative impact on FreeBSD machines
with HTTP Accept Filtering enabled either statically in the kernel or via
modules.
The man page for accf_http states that:
It prevents the application from receiving the connected descriptor via
accept() until eit
Why don't you report it via PR? I suspect most patches will be lost in this mailling
list.
--
David Xu
- Original Message -
From: )>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 07, 2001 8:44 PM
Subject: possible duplicated free in kernel
> (Probably I have to make a PR...,)
>
>
On 05 Aug 2001 23:49:37 -0500, Bill Fumerola wrote:
> > I use PPP over SSH when doing this sort of thing. Quick and easy.
>
> ... and absolutly horrible in times of packet loss or heavy latency.
Indeed. But, it *does* make for a quick and easy VPN in a situation
where IPSec is, er, "overkill".
I'm observing the following problem: in a TCP connection between host F3
and any other host, the connection will stop when the TCP window first
drops below the average packet length. The only thing that sets F3 apart
is the fact that any connection to it is done through a vlan interface.
I hav
On Thu, Aug 02, 2001 at 17:08:32 -0400, stanislav shalunov wrote:
> stanislav shalunov <[EMAIL PROTECTED]> writes:
>
> > I'll try increasing the value of TI_JSLOTS to 8192 (twice the number
> > of 4K packets in 16MB window) and see if it makes a difference.
>
> FWIW, this seems to have improved
Hello,
I've added you to my freebsd-lists-for-dayan-only group at eGroups, a free,
easy-to-use email group service. As a member of this group, you
may send messages to the entire group using just one email address:
[EMAIL PROTECTED] eGroups also makes it easy to
store photos and files, coordina
the windows and freebsd machines are loosing the arp adress of my dhcpd
server still...
have the switch one arp table??? may not be the arp address of my old
dhcp server that the switch is mismatching???
my freebsd box (client), is with one arp address of my server that i
don't know why
help
(Probably I have to make a PR...,)
The latest RELNEG_4 version (rev. 1.7.2.4) of sys/netinet6/raw_ip6.c
has the following code fragment:
rip6_output()
...
freectl:
if (optp == &opt && optp->ip6po_rthdr && optp->ip6po_route.ro_rt)
RTFREE(optp->ip6po_route.ro_rt);
13 matches
Mail list logo
