Closing off tcp
Simon Waters
Simon at wretched.demon.co.uk
Thu Jan 10 01:58:15 UTC 2002
Doug Barton wrote:
>
> The stated goal is to reduce our syn flood profile, and reduce
> vulnerability to root exploits. I keep asking for examples of the latter,
> and haven't gotten any yet.
Hmm - presumably you also pointed out it isn't running as root,
and is chrooted (It is isn't it?)
Are you also running 9? Which has a better history than 8
already. Running 9 should also result in less TCP queries
anyway.
Of course analysing current traffic won't save your successor
from tripping over a new problem created by a longer record
added in the future.....
More information about the bind-users
mailing list