Subject: Re: net.inet.tcp.log_refused??
To: Jason Thorpe <email@example.com>
From: Andrew Doran <firstname.lastname@example.org>
Date: 05/27/1999 09:47:38
Jason Thorpe wrote:
> revision 1.82
> date: 1999/05/23 20:33:50; author: ad; state: Exp; lines: +10 -1
> Add new sysctl (net.inet.tcp.log_refused) that when set, causes refused TCP
> connections to be logged.
> Um... being one of the people who's basically responsible for maintaining
> our TCP ... I'm sort of curious why:
> (1) This wasn't run by me,
> (2) there wasn't any discussion about it in some appropriate forum.
> I see very little justification for this option, especially since, when
> it's used, it's a great way for an outsider to fill up your file system
> with useless log messages -- useless because the information in them can't
> even be trusted; forging the source address on the SYN is pretty easy.
It's logged with LOG_INFO priority so this doesn't happen if your
syslogd is using the default configuration. Many things can be forged;
the rationale behind the option is so you can at least see these things
> "Oh look! Lots of connections refused from 10.0.0.1!!"
I will back out the change tonight.