Re: New release of the "Securing Debian Manual" (2.5)

To: Javier Fernández-Sanguino Peña <jfs@computer.org>
Cc: Debian-security <Debian-security@lists.debian.org>
Subject: Re: New release of the "Securing Debian Manual" (2.5)
From: Thiemo Nagel <thiemonagel@gmx.de>
Date: Mon, 02 Sep 2002 14:02:46 +0200
Message-id: <[🔎] 3D735366.1080106@gmx.de>
References: <[🔎] 20020902110756.GA19459@dat.etsit.upm.es>

Hello Javi,

thanks for your good work.

I have a *new* FIXME (as opposed to removing one) in the script at"4.19.2 Securing the network on boot-time":


echo 1 > /proc/sys/net/ipv4/ip_always_defrag

doesn't work for 2.4 kernels. It seems, there are three new options formore fine-grained control about defragmenting:


/proc/sys/net/ipv4/ipfrag_high_thresh
Maximum amount of memory used for defragmenting.
(default at my system: 262144)

/proc/sys/net/ipv4/ipfrag_low_thresh
Minimum amount of memory used for defragmenting.
(default at my system: 196608)

/proc/sys/net/ipv4/ipfrag_time
Time to wait for additional fragments.
(default at my system: 30)

I have no in-depth knowledge about this, though. It looks like "alwaysdefrag" would be enabled in 2.4 by default (with the parametersspecified above), but I don't know how to disable it. Maybe settingipfrag_time or ipfrag_high_thres to zero ??? - Can anybody help?


regards,

Thiemo Nagel

Reply to:

References:
- New release of the "Securing Debian Manual" (2.5)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: New release of the "Securing Debian Manual" (2.5)
Next by Date: UNSUBSCRIBE
Previous by thread: New release of the "Securing Debian Manual" (2.5)
Next by thread: woody apache/ssl - security issue?
Index(es):
- Date
- Thread