DoS na 80ku DEKUJI TI
Pentium
pentium.konference at seznam.cz
Mon Sep 20 22:47:24 CEST 2004
Moc ti dekuji za tvuj cas
Jinak skoleni se rad zucastnim kdyztak mi dej vedet o terminu atd na mail
pentium at seznam.cz rad se zucastnim i nejakeho
Mensiho skoleni
-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz] On
Behalf Of Dan Lukes
Sent: Monday, September 20, 2004 1:17 AM
To: FreeBSD mailing list
Subject: Re: DoS na 80ku
Pentium wrote:
> K tem hodnotam sys spise doporucit jake hodnoty
To je to, co jsem se ti pokusil vysvetlit, ze v zasade nejde. Jednak
proto, ze uvedene hodnoty nemaji prakticky zadny vliv na tvuj problem,
jednak, i kdyby mely, hybani s podobnymi vecmi je treba delat s ohledem
na naprosto konkretni lokalni podminky - nejcasteji metodou pokus, omyl ...
> a české vysvetleni
No, prelozit ti to muzu.
+++++++++++++++++
>>net.inet.tcp.msl
This is the maximum amount of time to wait for an ACK in reply to a
SYN-ACK or FIN-ACK, in milliseconds. If the computer does not receive an
ACK in this time, it considers the segment lost and frees the network
connection.
Nejdelsi cas (v milisekundach) po ktery se ceka na ACK potvrzujici
SYN-ACK nebo FIN-ACK. V pripade, ze pocitac toto potvrzni nedostane
nejpozdeji za udany cas, uzavre TCP spojeni.
>>net.inet.tcp.blackhole
>>net.inet.udp.blackhole
defines what happens when the system receives a TCP packet on a closed
port. When set to 1, SYN packets arriving on a closed port will be
dropped without a RST packet being sent back. When set to 2, all packets
arriving on a closed port are dropped without an RST being sent back.
Definuje, co se stane, pokud dorazi TCP paket destinovany na
neotevreny
port. U TCP nastaveno na [1] znamena, ze paket bude zahozen a v opacnem
smeru bude odeslan RST paket. [2] znamena, ze paket bude zahozen tise. U
UDP, ktere nema institut RST paketu znamena [1], ze paket bude zahozen tise.
>>net.inet.icmp.icmplim
This controls the maximum number of ICMP "Unreachables" and also TCP RST
packets to return every second.
Urcuje maximalni pocet ICMP unreachables a TCP RST paketu generovanych
za sekundu.
++++++++++++++++++++++
Uz je zrejmejsi na co to je ?
Dan
--
Dan Lukes, SISAL, MFF UK tel: +420 2 21914205, fax: +420 2 21914206
AKA: dan at obluda.cz, dan at freebsd.cz, dan at kolej.mff.cuni.cz, dan at fio.cz
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
More information about the Users-l
mailing list