author | imp <imp@FreeBSD.org> | 2000-01-28 06:13:09 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 2000-01-28 06:13:09 +0000 |
commit | 9d11326d8605120adbea532fa69211355d967edf (patch) | |
tree | eb7ddca9067c455c52a591ee0e9e14f4d82c1f1b /sys/alpha/conf | |
parent | f8e48f511e5de002b13eb638515c1422d6ca1173 (diff) | |
Mitigate the stream.c attacks
o Drop all broadcast and multicast source addresses in tcp_input.
o Enable ICMP_BANDLIM in GENERIC.
o Change default to 200/s from 100/s. This will still stop the attack, but
is conservative enough to do this close to code freeze.
This is not the optimal patch for the problem, but is likely the least
intrusive patch that can be made for this.
Obtained from: Don Lewis and Matt Dillon.
Reviewed by: freebsd-security
Diffstat (limited to 'sys/alpha/conf')
-rw-r--r-- | sys/alpha/conf/GENERIC | 1 | ||||
-rw-r--r-- | sys/alpha/conf/NOTES | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/sys/alpha/conf/GENERIC b/sys/alpha/conf/GENERIC index 94c108b..b019739 100644 --- a/sys/alpha/conf/GENERIC +++ b/sys/alpha/conf/GENERIC @@ -59,6 +59,7 @@ options KTRACE #ktrace(1) syscall trace support options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores +options ICMP_BANDLIM # Rate limit bad replies # Standard busses device isa diff --git a/sys/alpha/conf/NOTES b/sys/alpha/conf/NOTES index 94c108b..b019739 100644 --- a/sys/alpha/conf/NOTES +++ b/sys/alpha/conf/NOTES @@ -59,6 +59,7 @@ options KTRACE #ktrace(1) syscall trace support options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores +options ICMP_BANDLIM # Rate limit bad replies # Standard busses device isa |
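Review bot: In the sys/alpha/conf/GENERIC hunk, the added `options ICMP_BANDLIM` line is appended to the SYSV IPC group (directly after SYSVSEM), which has nothing to do with networking, and its comment uses `# Rate limit bad replies` with a space after the `#` where the neighbouring lines use `#ktrace(1) ...` and `#SYSV-style ...` with none. Suggest placing the option with the file's network-related options if it has such a group, and matching the surrounding comment style. The comment text "bad replies" is also vague: the option name and the commit message point at ICMP responses, so saying that in the comment would let someone reading GENERIC understand the option without going to the log.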
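Review bot: In the sys/alpha/conf/NOTES hunk, the new entry carries only the same one-line comment as GENERIC, so the file does not say what is being limited, what the limit is, or how to change it, even though the commit message states the default moves from 100/s to 200/s. Suggest expanding the comment above or beside `options ICMP_BANDLIM` to cover the default rate and where it is tuned. Separately, the index line (94c108b..b019739) and the hunk context here are identical to those of the GENERIC hunk, so it is worth confirming that NOTES is meant to be an exact copy of GENERIC on this platform and that this is not the same change applied twice by mistake.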