Never mind, I exited airhead mode. pfctl -ss does what I need. However,
I approached things from a non-root perspective and pfctl requires root
privs. Sometimes I surprise myself that I have root.
Cheers,
-peter
On 8/20/19 7:36 PM, Peter J. Philipp wrote:
Hi,
On the NANOG list there is a thread about something synflooding:
https://mailman.nanog.org/pipermail/nanog/2019-August/102713.html
Most of my hosts are synflooded, and I was wondering why my OpenBSD
hosts don't show any SYN_RECV states in a netstat -nafinet. I had to tcpdump
to see a synflood happening on port 53 on one of my hosts, have to
still check the other one. Could there be a bad pf rule I'm
using? I suspect this is a worm of sorts or something.
While not an emergency, it is inconvenient to pick out the synflooders
with tcpdump. Are there any better tools?
-peter
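
An added example, not part of the original thread: one way to turn `pfctl -ss` output into a per-source count of half-open inbound TCP states, which is the "pick out the synflooders" task described above. The function name `half_open_sources` is hypothetical, the sample lines are constructed, and the assumed line layout is `all tcp local <- remote STATE:STATE` with handshake-only states carrying a `SYN_SENT` label.

```shell
#!/bin/sh
# Added example. Assumption: pfctl -ss prints one state per line as
#   all tcp LOCAL:PORT <- REMOTE:PORT   STATE:STATE
# (IPv6 endpoints as ADDR[PORT]), and a state that has only seen a SYN
# carries SYN_SENT in its last field.

# half_open_sources (hypothetical name): read state lines on stdin and
# print "count source-address" for inbound TCP states still in the
# handshake, busiest source first.
half_open_sources() {
    awk '
    $2 == "tcp" && $NF ~ /SYN_SENT/ {
        for (i = 3; i < NF; i++)
            if ($i == "<-") {            # inbound: the peer follows the arrow
                peer = $(i + 1)
                # strip the port: ADDR[PORT] for IPv6, ADDR:PORT for IPv4
                if (!sub(/\[[0-9]+\]$/, "", peer))
                    sub(/:[0-9]+$/, "", peer)
                count[peer]++
            }
    }
    END { for (p in count) print count[p], p }
    ' | sort -rn
}

# Constructed sample input (documentation addresses), not real output.
SAMPLE='all tcp 192.0.2.10:53 <- 198.51.100.7:40001       CLOSED:SYN_SENT
all tcp 192.0.2.10:53 <- 198.51.100.7:40002       CLOSED:SYN_SENT
all tcp 192.0.2.10:53 <- 198.51.100.7:40003       CLOSED:SYN_SENT
all tcp 192.0.2.10:53 <- 203.0.113.9:51515       CLOSED:SYN_SENT
all tcp 192.0.2.10:22 <- 203.0.113.20:50022       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:53 <- 203.0.113.30:33333       SINGLE:MULTIPLE
all tcp 192.0.2.10:44321 -> 203.0.113.40:443       SYN_SENT:CLOSED'

# Demo on the sample; on a live host (as root): pfctl -ss | half_open_sources
printf '%s\n' "$SAMPLE" | half_open_sources
```

Spoofed floods spread across many source addresses, so a long tail of single-count sources is itself a signal worth noting alongside any one heavy hitter.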