[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WTF, a new IIS worm?

Thorin Oakenshield wrote:
> I'm getting since at least 2 hours this kind of hits on my firewall:
> Sep 08 18:00:03.522998 rule 0/0(match): block in on fxp1:
> > S 3594171567:3594171567(0) win
> 16384 <mss 1400,nop,nop,sackOK>

In my pf.conf this is the first rule after passing in the natted traffic:

  block drop in quick on $ext_if inet from any to ! ($ext_if)

Saves a shipload of nonsense in your pflogs.

# Han

Visit your host, monkey.org