[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WTF, a new IIS worm?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: WTF, a new IIS worm?
From: Han Boetes <han_(_at_)_mijncomputer_(_dot_)_nl>
Date: Wed, 8 Sep 2004 22:23:02 +0200
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

Thorin Oakenshield wrote:
> I'm getting since at least 2 hours this kind of hits on my firewall:
>
> Sep 08 18:00:03.522998 rule 0/0(match): block in on fxp1:
> 199.237.51.7.3983 > 10.0.0.2.18969: S 3594171567:3594171567(0) win
> 16384 <mss 1400,nop,nop,sackOK>

In my pf.conf this is the first rule after passing in the natted traffic:

  block drop in quick on $ext_if inet from any to ! ($ext_if)

Saves a shipload of nonsense in your pflogs.

# Han

Follow-Ups:
- Re: WTF, a new IIS worm?
  - From: Thorin Oakenshield

References:
- WTF, a new IIS worm?
  - From: Thorin Oakenshield

Prev by Date: Re: HPPA boot cd
Next by Date: Re: HPPA boot cd
Previous by thread: Re: WTF, a new IIS worm?
Next by thread: Re: WTF, a new IIS worm?
Index(es):
- Date
- Thread

Visit your host, monkey.org