Tom Huppi <[EMAIL PROTECTED]> wrote:
>
> Anyway, I am getting what I believe to be syn floods
> periodically. They dwarf my production traffic and sometimes
> get close to producing as much bandwidth as we are paying for. A
> representative sample looks like so when viewed with tcpdump on
> my outward interface ('em1'):
>
> 21:36:53.870312 IP 125.21.176.19.x11 > 74.123.192.195.domain: S
> 27394048:27394048(0) win 16384
> 21:36:53.870319 IP 125.21.176.19.x11 > 74.123.192.204.domain: S
> 1793916928:1793916928(0) win 16384

Since you went to the trouble of obscuring the source IP, I presume that
the source IP is your IP. So, these look like responses, i.e. outbound
traffic, not inbound, since they are sourced from your IP. You can use
tcpdump's -e flag to be sure who is sending and who is receiving.
- --
David DeSimone == Network Admin == [EMAIL PROTECTED]
"I don't like spinach, and I'm glad I don't, because if I
liked it I'd eat it, and I just hate it." -- Clarence Darrow
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
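
The check recommended in the reply above, as an added example that is not part of the original message: parse `tcpdump -e -n` output and count bare SYNs by direction, using the Ethernet source and destination MAC rather than the IP addresses. The interface MAC, the sample frames and the RFC 5737 documentation addresses are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: MAC of the capturing interface (e.g. from `ifconfig em1`); constructed value.
LOCAL_MAC = "00:0e:0c:aa:bb:01"

# Constructed `tcpdump -e -n` lines; MACs and RFC 5737 addresses are invented.
SAMPLE = """\
21:36:53.870312 00:0e:0c:aa:bb:01 > 00:1b:21:cc:dd:02, ethertype IPv4 (0x0800), length 60: 192.0.2.10.6000 > 198.51.100.195.53: Flags [S], seq 27394048, win 16384, length 0
21:36:53.870319 00:0e:0c:aa:bb:01 > 00:1b:21:cc:dd:02, ethertype IPv4 (0x0800), length 60: 192.0.2.10.6000 > 198.51.100.204.53: Flags [S], seq 1793916928, win 16384, length 0
21:36:53.870355 00:1b:21:cc:dd:02 > 00:0e:0c:aa:bb:01, ethertype IPv4 (0x0800), length 60: 203.0.113.7.6000 > 192.0.2.10.53: Flags [S], seq 99, win 16384, length 0
21:36:53.870401 00:1b:21:cc:dd:02 > 00:0e:0c:aa:bb:01, ethertype IPv4 (0x0800), length 60: 198.51.100.195.53 > 192.0.2.10.6000: Flags [S.], seq 5, ack 27394049, win 65535, length 0
"""

FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), .*?: "
    r"(?:IP )?(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$",
    re.I,
)

def is_bare_syn(rest):
    """True for SYN without ACK, in current ("Flags [S]") or older ("S seq:seq(0)") output."""
    if "Flags [S]" in rest:
        return True
    return rest.startswith("S ") and " ack " not in rest

def direction(smac, dmac, local_mac):
    """Decide direction from the Ethernet header rather than the spoofable source IP."""
    if smac == local_mac:
        return "outbound"
    if dmac == local_mac:
        return "inbound"
    return "other"

def syn_counts(text, local_mac=LOCAL_MAC):
    """Count bare SYNs per (direction, source IP)."""
    counts = Counter()
    local = local_mac.lower()
    for line in text.splitlines():
        m = FRAME.match(line)
        if not m or not is_bare_syn(m["rest"]):
            continue
        where = direction(m["smac"].lower(), m["dmac"].lower(), local)
        counts[(where, m["src"].rsplit(".", 1)[0])] += 1  # drop the port suffix
    return counts

if __name__ == "__main__":
    for (where, ip), n in syn_counts(SAMPLE).most_common():
        print(f"{where:8} {ip:15} {n} SYN")
```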