hmm, on Mon, Sep 19, 2005 at 06:33:16PM -0600, jared r r spiegel said that > > this doesn't seem to have the disired effect... > > the rule got translated into > > > > block drop in quick inet from any to xxx.xxx.xxx.255 > > > > and is not stopping all the noise... > > heh.. cable modem? (arparparparparparparparp.. :P)... > > what is the noise exactly? > > give tcpdump pflog0, make known what is/isn't your IP > ( xxx out the middle 2 octets or whatever makes you happy ). > > i understand you mean 'noise' to be "a lot of traffic that shows up > on my line that is full of valid CRCs but not intended for me or of > no interest to me", but what is it, exactly?
ok, here's some "noise" (just to show what else i get, i filtered all the ports you suggested, and some more): :set paste rule 4/(match) block in on ne3: 222.180.36.139.1056 > 62.24.89.85.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 61.172.203.237.7000 > 62.24.90.3.16170: S 3881939974:3881939974(0) ack 4195173196 win 16384 <mss 1460,nop,nop,sackOK> [tos 0x20] rule 4/(match) block in on ne3: 84.31.197.172.1875 > 62.24.89.111.6346: S 1956560420:1956560420(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 220.237.169.60.4342 > 62.24.89.22.22718: R 0:0(0) win 0 [tos 0x20] rule 4/(match) block in on ne3: 68.238.152.155.21100 > 84.42.169.201.6346: S 3348705148:3348705148(0) win 16384 <mss 1452,nop,nop,sackOK> (DF) [tos 0x40] rule 4/(match) block in on ne3: 61.142.81.161.80 > 62.24.89.164.4829: R 0:0(0) ack 2253512466 win 0 [tos 0x20] rule 4/(match) block in on ne3: 71.2.166.221.14276 > 62.24.89.124.6346: udp 35 [tos 0x20] rule 4/(match) block in on ne3: 222.180.36.139.1056 > 62.24.90.213.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 72.36.170.26.1046 > 84.42.169.41.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 81.193.101.175.11782 > 62.24.89.70.6346: S 1933151585:1933151585(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 194.149.104.58.10052 > 62.24.89.22.1071: udp 75 rule 4/(match) block in on ne3: 60.191.129.114.1110 > 213.220.238.29.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 194.108.142.123.25859 > 62.24.90.57.3223: udp 77 [tos 0x20] rule 4/(match) block in on ne3: 61.142.81.161.80 > 62.24.89.139.853: R 0:0(0) ack 978635617 win 0 [tos 0x20] rule 4/(match) block in on ne3: 81.193.101.175.11902 > 62.24.89.70.6346: S 1197886245:1197886245(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 222.73.0.110.2344 > 213.220.238.79.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 222.180.36.139.1056 > 84.42.169.95.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 84.90.47.222.52369 > 84.42.169.41.4110: udp 74 rule 4/(match) block in on ne3: 81.193.101.175.11980 > 62.24.89.70.6346: S 2900328972:2900328972(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 219.132.23.236.1317 > 62.24.89.175.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 219.132.16.242.1065 > 62.24.89.252.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 81.193.101.175.12005 > 62.24.89.70.6346: S 3648369907:3648369907(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 202.101.70.43.3010 > 62.24.89.157.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 66.177.118.190.3999 > 213.220.238.139.2295: S 2270693086:2270693086(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 61.139.37.28.1807 > 62.24.90.9.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 81.193.101.175.12078 > 62.24.89.70.6346: S 234221371:234221371(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 219.153.6.49.1185 > 62.24.90.81.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 86.137.77.76.4761 > 84.42.169.80.6346: S 80365531:80365531(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) rule 4/(match) block in on ne3: 81.193.101.175.12103 > 62.24.89.70.6346: S 1831111360:1831111360(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 212.65.215.9.54848 > 62.24.89.76.6346: S 2858633983:2858633983(0) win 64240 <mss 1460,nop,nop,sackOK> [tos 0x20] rule 4/(match) block in on ne3: 216.74.57.104.1038 > 84.42.169.141.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 210.29.135.111.80 > 62.24.90.93.602: S 2436337942:2436337942(0) ack 2021041446 win 16384 <mss 1460,nop,nop,sackOK> [tos 0x20] rule 4/(match) block in on ne3: 219.92.155.13.1362 > 62.24.89.202.1434: udp 376 rule 4/(match) block in on ne3: 217.79.145.214.1041 > 84.42.169.80.6346: S 578003833:578003833(0) win 25200 <mss 1260,nop,nop,sackOK> (DF) [tos 0x60] rule 4/(match) block in on ne3: 81.193.101.175.12173 > 62.24.89.70.6346: S 1330783368:1330783368(0) win 65535 <mss 1452,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 172.168.103.47.3331 > 213.220.238.103.3127: S 2863424814:2863424814(0) win 16384 <mss 1322,nop,nop,sackOK> (DF) rule 4/(match) block in on ne3: 202.107.250.82.1221 > 213.220.238.204.1434: udp 376 [tos 0x20] rule 4/(match) block in on ne3: 84.244.69.124 > 62.24.89.250: icmp: echo request (DF) rule 4/(match) block in on ne3: 194.108.142.123.25859 > 62.24.90.57.3223: udp 77 [tos 0x20] rule 4/(match) block in on ne3: 61.142.81.161.80 > 62.24.89.42.7351: R 0:0(0) ack 3057193790 win 0 [tos 0x20] rule 4/(match) block in on ne3: 82.117.221.171.2755 > 62.24.90.85.11768: S 2318846016:2318846016(0) win 64240 <mss 1460,nop,nop,sackOK> (DF) rule 4/(match) block in on ne3: 61.187.251.83.80 > 62.24.90.13.11410: S 3474718252:3474718252(0) ack 538075666 win 16384 [tos 0x20] rule 4/(match) block in on ne3: 66.177.118.190.4033 > 213.220.238.139.2295: S 1274333554:1274333554(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) [tos 0x20] rule 4/(match) block in on ne3: 205.188.9.216.5190 > 213.220.238.115.1346: . ack 508570793 win 16384 (DF) 62.24.90/24 is my network, .1 is the gateway .255 is the broadcast, so i understand why i get everything in between... the other nets, i don't know -f -- do not tell big lies. small ones can be just as effective.
