hmm, on Mon, Sep 19, 2005 at 06:33:16PM -0600, jared r r spiegel said that
> > this doesn't seem to have the disired effect...
> > the rule got translated into
> > 
> > block drop in quick inet from any to xxx.xxx.xxx.255
> > 
> > and is not stopping all the noise...
> 
>   heh.. cable modem? (arparparparparparparparp.. :P)...
> 
>   what is the noise exactly?
> 
>   give tcpdump pflog0, make known what is/isn't your IP
>   ( xxx out the middle 2 octets or whatever makes you happy ).
> 
>   i understand you mean 'noise' to be "a lot of traffic that shows up
>   on my line that is full of valid CRCs but not intended for me or of
>   no interest to me", but what is it, exactly?

ok, here's some "noise"
(just to show what else i get, i filtered all the ports you suggested,
and some more):

:set paste

rule 4/(match) block in on ne3: 222.180.36.139.1056 > 62.24.89.85.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 61.172.203.237.7000 > 62.24.90.3.16170: S 
3881939974:3881939974(0) ack 4195173196 win 16384 <mss 1460,nop,nop,sackOK> 
[tos 0x20]
rule 4/(match) block in on ne3: 84.31.197.172.1875 > 62.24.89.111.6346: S 
1956560420:1956560420(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 220.237.169.60.4342 > 62.24.89.22.22718: R 
0:0(0) win 0 [tos 0x20]
rule 4/(match) block in on ne3: 68.238.152.155.21100 > 84.42.169.201.6346: S 
3348705148:3348705148(0) win 16384 <mss 1452,nop,nop,sackOK> (DF) [tos 0x40]
rule 4/(match) block in on ne3: 61.142.81.161.80 > 62.24.89.164.4829: R 0:0(0) 
ack 2253512466 win 0 [tos 0x20]
rule 4/(match) block in on ne3: 71.2.166.221.14276 > 62.24.89.124.6346:  udp 35 
[tos 0x20]
rule 4/(match) block in on ne3: 222.180.36.139.1056 > 62.24.90.213.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 72.36.170.26.1046 > 84.42.169.41.1434:  udp 376 
[tos 0x20]
rule 4/(match) block in on ne3: 81.193.101.175.11782 > 62.24.89.70.6346: S 
1933151585:1933151585(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 194.149.104.58.10052 > 62.24.89.22.1071:  udp 75
rule 4/(match) block in on ne3: 60.191.129.114.1110 > 213.220.238.29.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 194.108.142.123.25859 > 62.24.90.57.3223:  udp 
77 [tos 0x20]
rule 4/(match) block in on ne3: 61.142.81.161.80 > 62.24.89.139.853: R 0:0(0) 
ack 978635617 win 0 [tos 0x20]
rule 4/(match) block in on ne3: 81.193.101.175.11902 > 62.24.89.70.6346: S 
1197886245:1197886245(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 222.73.0.110.2344 > 213.220.238.79.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 222.180.36.139.1056 > 84.42.169.95.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 84.90.47.222.52369 > 84.42.169.41.4110:  udp 74
rule 4/(match) block in on ne3: 81.193.101.175.11980 > 62.24.89.70.6346: S 
2900328972:2900328972(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 219.132.23.236.1317 > 62.24.89.175.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 219.132.16.242.1065 > 62.24.89.252.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 81.193.101.175.12005 > 62.24.89.70.6346: S 
3648369907:3648369907(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 202.101.70.43.3010 > 62.24.89.157.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 66.177.118.190.3999 > 213.220.238.139.2295: S 
2270693086:2270693086(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 61.139.37.28.1807 > 62.24.90.9.1434:  udp 376 
[tos 0x20]
rule 4/(match) block in on ne3: 81.193.101.175.12078 > 62.24.89.70.6346: S 
234221371:234221371(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 219.153.6.49.1185 > 62.24.90.81.1434:  udp 376 
[tos 0x20]
rule 4/(match) block in on ne3: 86.137.77.76.4761 > 84.42.169.80.6346: S 
80365531:80365531(0) win 65535 <mss 1452,nop,nop,sackOK> (DF)
rule 4/(match) block in on ne3: 81.193.101.175.12103 > 62.24.89.70.6346: S 
1831111360:1831111360(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 212.65.215.9.54848 > 62.24.89.76.6346: S 
2858633983:2858633983(0) win 64240 <mss 1460,nop,nop,sackOK> [tos 0x20]
rule 4/(match) block in on ne3: 216.74.57.104.1038 > 84.42.169.141.1434:  udp 
376 [tos 0x20]
rule 4/(match) block in on ne3: 210.29.135.111.80 > 62.24.90.93.602: S 
2436337942:2436337942(0) ack 2021041446 win 16384 <mss 1460,nop,nop,sackOK> 
[tos 0x20]
rule 4/(match) block in on ne3: 219.92.155.13.1362 > 62.24.89.202.1434:  udp 376
rule 4/(match) block in on ne3: 217.79.145.214.1041 > 84.42.169.80.6346: S 
578003833:578003833(0) win 25200 <mss 1260,nop,nop,sackOK> (DF) [tos 0x60]
rule 4/(match) block in on ne3: 81.193.101.175.12173 > 62.24.89.70.6346: S 
1330783368:1330783368(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 172.168.103.47.3331 > 213.220.238.103.3127: S 
2863424814:2863424814(0) win 16384 <mss 1322,nop,nop,sackOK> (DF)
rule 4/(match) block in on ne3: 202.107.250.82.1221 > 213.220.238.204.1434:  
udp 376 [tos 0x20]
rule 4/(match) block in on ne3: 84.244.69.124 > 62.24.89.250: icmp: echo 
request (DF)
rule 4/(match) block in on ne3: 194.108.142.123.25859 > 62.24.90.57.3223:  udp 
77 [tos 0x20]
rule 4/(match) block in on ne3: 61.142.81.161.80 > 62.24.89.42.7351: R 0:0(0) 
ack 3057193790 win 0 [tos 0x20]
rule 4/(match) block in on ne3: 82.117.221.171.2755 > 62.24.90.85.11768: S 
2318846016:2318846016(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
rule 4/(match) block in on ne3: 61.187.251.83.80 > 62.24.90.13.11410: S 
3474718252:3474718252(0) ack 538075666 win 16384 [tos 0x20]
rule 4/(match) block in on ne3: 66.177.118.190.4033 > 213.220.238.139.2295: S 
1274333554:1274333554(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20]
rule 4/(match) block in on ne3: 205.188.9.216.5190 > 213.220.238.115.1346: . 
ack 508570793 win 16384 (DF)



62.24.90/24 is my network, .1 is the gateway .255 is the broadcast, so i
understand why i get everything in between...

the other nets, i don't know

-f
-- 
do not tell big lies.  small ones can be just as effective.

Reply via email to