Hello,
Zombies are often attacking ports which don't have services running,
such as telnet (most popular indeed...), mysql, 3551, 8080, 13272, etc.
With a default pf block drop in on $ext_if, how can those source IPs be
added to a <scanners> table? Which all can be dropped & small queued.
I've tried to overload a match statement, but that won't work.
Or is there something handy in ports to help?
Thanks.
--
By the time they had diminished from 50 to 8,
the other dwarves began to suspect "Hungry" ...
-- Gary Larson, "The Far Side"
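
One way to fill a <scanners> table from the block log, as an added example that is not part of the original post: the function names, the pf.conf lines in the comments and the sample log lines are assumptions, with the log lines constructed in the shape tcpdump prints for pflog. It assumes the default block rule carries `log` and handles IPv4 only.

```shell
#!/bin/sh
# Added example (not from the post). Assumes pf.conf has, roughly:
#   table <scanners> persist
#   block drop in quick on $ext_if from <scanners>
#   block drop in log on $ext_if          # "log" is what feeds pflog
WATCHED_PORTS="23 3306 3551 8080 13272"   # telnet, mysql and the other ports named

# Read pflog text lines on stdin; print each IPv4 source once it has hit a
# watched port $1 times (default 1). Pass, port-less and IPv6 lines are skipped.
scanner_ips() {
    awk -v ports="$WATCHED_PORTS" -v min="${1:-1}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watched[p[i]] = 1 }
    / block in / {
        for (i = 2; i < NF; i++) { if ($i == ">") break }
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        if (split(src, s, /\./) != 5 || split(dst, d, /\./) != 5) next
        if (!(d[5] in watched)) next
        ip = s[1] "." s[2] "." s[3] "." s[4]
        # Only strictly numeric addresses ever reach pfctl.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (++hits[ip] == min) print ip
    }'
}

# Add the addresses read from stdin to the table, one pfctl call each.
load_scanners() {
    while read -r ip; do pfctl -t scanners -T add "$ip"; done
}

# Constructed sample input (documentation addresses, interface name assumed).
sample_log() {
    cat <<'EOF'
00:00:01.000000 rule 0/(match) block in on em0: 203.0.113.5.40112 > 192.0.2.10.23: S 1:1(0) win 1024
00:00:02.000000 rule 0/(match) block in on em0: 203.0.113.5.40113 > 192.0.2.10.3306: S 1:1(0) win 1024
00:00:03.000000 rule 0/(match) block in on em0: 198.51.100.7.5555 > 192.0.2.10.8080: S 1:1(0) win 1024
00:00:04.000000 rule 0/(match) block in on em0: 198.51.100.9.5555 > 192.0.2.10.443: S 1:1(0) win 1024
00:00:05.000000 rule 1/(match) pass in on em0: 198.51.100.20.5555 > 192.0.2.10.23: S 1:1(0) win 1024
00:00:06.000000 rule 0/(match) block in on em0: 198.51.100.30 > 192.0.2.10: icmp: echo request
EOF
}

# Live use (as root, e.g. from cron):
#   tcpdump -n -e -ttt -r /var/log/pflog 2>/dev/null | scanner_ips 3 | load_scanners
sample_log | scanner_ips 1
```

Raising the threshold argument keeps a single stray packet from listing an address, and `pfctl -t scanners -T expire <seconds>` can age entries out again.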