On Fri, 27 Feb 2015 11:46:33 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:
On 2015-02-26, D'Arcy J.M. Cain da...@vex.net wrote:
On Thu, 26 Feb 2015 21:49:15 +0100
Otto Moerbeek o...@drijf.net wrote:
What are you looking for specifically? I thought I posted all
the relevant
. It looks like
it took almost five minutes before the block started working. That's
better than some connections and it may simply be that they stopped.
Cheers.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
On Thu, 26 Feb 2015 12:11:34 -0500
Ted Unangst t...@tedunangst.com wrote:
D'Arcy J.M. Cain wrote:
So why would packets continue to come in for 2.5 hours? My guess is
that the hacker is keeping the connection open and attacking over it
for 2.5 hours. Does the packet filter not apply
was in the AUTOBLOCK table with pfctl -tAUTOBLOCK -Ts.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
have to diagnose things yourelf,
we can give only general directions.
My mistake. I do have that option. Not sure how I missed it before.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
What does MULTIPLE:MULTIPLE mean?
pfctl -k kills an existing state.
But with my ruleset there shouldn't be any state to kill, right?
http://www.vex.net/~darcy/pf.conf
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
@14 pass in log on bge0 proto udp from any to any port = sip no state
Clearly no state. Is it just ignoring the option? Maybe I have to
modify my script.
pfctl -t AUTOBLOCK -T add $ip
pfctl -k $ip
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da
7 matches
Mail list logo
