ipfw tcpack won't match a given ack #

Wed, 11 May 2016 12:52:04 -0700 

Hello,

This rule:

1      0         0 deny log logamount 1000 tcp from any to 100.100.224.66
tcpack 2

Won't match this attack pattern below.

Is tcpack supposed to match it? FreeBSD 10.2-STABLE #0 r292035M

Can I try to match it with some other tool? I tried pf but looks like it
won't filter (look into) this kind of information.

Thank you.

16:20:47.583871 IP 200.200.67.221.51352 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584022 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584324 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584475 IP 200.200.67.221.51364 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584718 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584868 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585169 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585557 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585623 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585801 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586081 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586226 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586649 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586652 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.587124 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.587129 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to