On Thursday, 24.09.2015, at 10:39 +0200, Peter Hessler wrote:
> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> :Zombies are often attacking ports which don't have services running,
> :such as telnet (most popular indeed....), mysql, 3551, 8080, 13272, etc.
> : [..]
> :I've tried to overload a match statement, but that won't work.
> :
>
> I've been playing with this, too. Overload won't work until the packet
> is processed by a userland process.

I remember having done it once. But when I look into that old
configuration, I am not sure whether the "synproxy state" or the
"rdr-to 127.0.0.1 port 9" part of the rule did the trick.

--
David Dahlberg

Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany | Fax: +49-228-856277