[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WTF, a new IIS worm?



Thorin Oakenshield wrote:
> I'm getting since at least 2 hours this kind of hits on my firewall:
>
> Sep 08 18:00:03.522998 rule 0/0(match): block in on fxp1:
> 199.237.51.7.3983 > 10.0.0.2.18969: S 3594171567:3594171567(0) win
> 16384 <mss 1400,nop,nop,sackOK>


In my pf.conf this is the first rule after passing in the natted traffic:

  block drop in quick on $ext_if inet from any to ! ($ext_if)


Saves a shipload of nonsense in your pflogs.



# Han



Visit your host, monkey.org