Gleb Smirnoff wrote:
On Wed, Feb 25, 2004 at 04:47:03PM +0300, Andrew Riabtsev wrote:
A> To me it would be also interesting to know where this traffic comes
A> from. I have same on my local net:
A>
A> # tcpdump -neifxp0 src or dst 127.0.0.1
A> tcpdump: listening on fxp0
A> 16:26:23.280737 0:50:fc:ed:d4:4 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.141.148.1928: R 0:0(0) ack 1986723841 win 0
16:26:23.287642 0:1:2:9>c:cf:e2 0:02:55:b0:90:e4 0800 60: 127.0.0.1.80 > 192.168.118.205.1046: R 0:0(0) ack 1959723009 win 0
This is some kind of Win32 virus. This floods can be easily
stopped by ipfw rule:
deny tcp from any to any tcpflags rst,ack
These packets never reach IPFW as we can see.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
