Lawrence Farr wrote:
I'm using pfsense to protect a number of web/mail/ftp servers, which it does fantastically. Since upgrading to the 1.0 Betas it seems to be running out of available states very quickly. I've upped the state table to 20000 and it's run out within a few hours. Most of the states seem to be http access with successive source/destination ports eg:
That kind of looks like a potential DoS or DDoS. That many successive connections from a single host that never get closed should typically never happen on a web server. Looks malicious to me, but I'd be curious to see what others think. About how many states per IP do you have? Look through your web server logs and see what those IP's that are hanging there are attempting to do, as that might help determine whether it's a legit user or malicious traffic.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
