Hi, On the NANOG list there is a thread about something synflooding: https://mailman.nanog.org/pipermail/nanog/2019-August/102713.html
Most of my hosts are synflooded, and I was wondering why my OpenBSD hosts don't show any SYN_RECV states in a netstat -nafinet. I had to tcpdump to see a synflood happening on port 53 on one of my hosts, have to still check the other one. Could there be a bad pf rule I'm using? I suspect this is a worm of sorts or something. While not an emergency, it is inconvenient to pick out the synflooders with tcpdump. Is there any better tools? -peter
