OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: Various Errors in Slackware

Re: Various Errors in Slackware

Subject: Re: Various Errors in Slackware
From: Alan Cox (alanLXORGUK.UKUU.ORG.UK)
Date: Wed Dec 22 1999 - 13:22:16 CST

> I would check with Alan on the SYN cookies, iirc, there is a good reason why
> SYN cookies are not turned on by default. In 2.3.x it is not turned on by
> default in the kernel compile and again must be explicitly enabled in /proc
> after adding it to the kernel.

SYN cookies don't default to on purely because they are strictly not "the
standard". I don't actually know of anything they upset. In fact its
normally standards compliant stuff that causes problems

        SACK - with buggy VJ compressors
        PAWS - with broken load balancers
MTU discovery - with assholes who block all ICMP out and in (some
                        very big names in the business meet this criteria btw)

RST cookies were also in Linux 2.0, those did cause problems with some setups
and were dropped

> I imagine the packet forwarding is on by default in the interest of least
> surprise from slackware. I.e. why you can't pass packets across the machine

Least suprise until you accidentally have a router you didnt expect. The
RFC1122 rules are for a very good reason.

RP filter set to one should be fine, that will just ignore packets externally
originated from your own interface addresses. Such packets are generally sent
only by readers of this list and others like it .

Alan

This archive was generated by hypermail 2b27 : Thu Dec 23 1999 - 11:40:23 CST