> On Dec 23, 2023, at 4:53 PM, Tim Woodall <debianu...@woodall.me.uk> wrote:
> 
> On Sat, 23 Dec 2023, David Christensen wrote:
>> Sending a RST to a falsified IP address would make the sending host into an 
>> attacker by proxy.  Why do you suggest it?
>> 
> Because the OP wants it to stop. And the OP is running a server on this
> port that is clearly not responding properly or we'd at least see the
> syn+ack. Perhaps it cannot keep up with the connections.
> 
> So the op needs to tell the problem clients to stop retrying.
> 
> If it's malicious traffic then there's nothing the op can do to stop it
> except get a new ip or get their ISP to drop it before it gets to them.
> 
> The op can try icmp port unreachable too. But that tells the client
> there's no server, rather than there's a tcp problem.
> 
> If it's not a bandwidth problem then the op should just ignore it.
> 
> Nobody, but nobody is going to send traffic to some random host with a
> fake source ip in the hopes someone will notice and start sending RST
> some time later to that address instead of continuing to drop it.
> 

I have a web server on my network.
I have a firewall on it that only accepts traffic from my internal network.
Therefore no one knows it exists from the outside. That may not work for the OP,
but his complaint was port 80 traffic to his personal PC, which should not
have a web server running on it.
You cannot do much about scans etc., but you can restrict traffic to servers
only to your internal traffic. That was one of my points in stating his
firewall wasn’t set up properly; the other is the firewall blocking ICMP and
company. I used to do that many years ago and it resulted in 1/2 connections.
