Closing off tcp

Simon Waters Simon at wretched.demon.co.uk
Thu Jan 10 01:58:15 UTC 2002


Doug Barton wrote:
> 
>         The stated goal is to reduce our syn flood profile, and reduce
> vulnerability to root exploits. I keep asking for examples of the latter,
> and haven't gotten any yet.

Hmm - presumably you also pointed out it isn't running as root,
and is chrooted (It is isn't it?)

Are you also running 9? Which has a better history than 8
already. Running 9 should also result in less TCP queries
anyway.

Of course analysing current traffic won't save your successor
from tripping over a new problem created by a longer record
added in the future.....


More information about the bind-users mailing list