2 .\" blackhole - drop refused TCP or UDP connects
7 .\" 1. Redistributions of source code must retain the above copyright
20 .Cd sysctl net.inet.sctp.blackhole Ns Op = Ns Brq "0 | 1 | 2"
21 .Cd sysctl net.inet.tcp.blackhole Ns Op = Ns Brq "0 | 1 | 2 | 3"
22 .Cd sysctl net.inet.tcp.blackhole_local Ns Op = Ns Brq "0 | 1"
23 .Cd sysctl net.inet.udp.blackhole Ns Op = Ns Brq "0 | 1"
24 .Cd sysctl net.inet.udp.blackhole_local Ns Op = Ns Brq "0 | 1"
33 The blackhole behaviour is useful to slow down an attacker who is port-scanning
34 a system in an attempt to detect vulnerable services.
45 Setting the SCTP blackhole MIB to a numeric value of one
47 A MIB value of two will do the same, but will also prevent sending an ABORT packet
50 Normal behaviour, when a TCP SYN segment is received on a port where
52 a RST segment, and drop the incoming SYN segment.
54 see this as a
57 MIB to a numeric value of one, the incoming SYN segment
59 as a blackhole.
60 By setting the MIB value to two, any segment arriving
61 on a closed port is dropped without returning a RST.
62 Setting the MIB value to three, any segment arriving on a closed port
63 or an unexpected segment on a listening port is dropped without sending a
68 of an ICMP port unreachable message in response to a UDP datagram which
69 arrives on a port where there is no socket listening.
72 to a system.
74 The SCTP, TCP, and UDP blackhole features should not be regarded as a replacement
81 This mechanism is not a substitute for securing a system.