-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 8 Feb 2011 20:38, vchepkov@ wrote:
On Feb 8, 2011, at 8:36 PM, Helmut Schneider wrote:
Here are entries with pass in log enabled:
19:59:08.149358 rule 5/0(match): pass in on bce1: 93.174.31.134.36872 >
38.X.X.X.22: Flags [S], seq 441726758, win 5840, options [mss 1460,sackOK,TS val
395810874 ecr 0,nop,wscale 7], length 0
And 38.x.x.x is the external ip of your gateway?! (my last guess for
today^Wtonight...)
yes, it is
Your max-src-conn is higher than your initial max-src-conn-rate. Try
adjusting max-src-conn to 3 which is 1/3 of what your rate is and youll
find that you will have much different results.
Brute force attacks usually will come in faster than:
max-src-conn 5, max-src-conn-rate 15/30
which in it self is a little restrictive but works out in quite a few
instances where I have implemented this same functionality.
Good Luck,
- --
jhell
-----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJNUiWuAAoJEJBXh4mJ2FR+gSUH/RI4ZR6XZ9alGRIBDuN6zj7j
F+9h/usJiLIRNrDZHG7NHxZiFKDiof9nVsvWR3Ho6QLwsZri7+kihY+i/21rBGMw
DclEO0CcnnGu7rkQflPQ0q3DTGJRh7kR+k7gnGH8udQHhoZOx1WVs46Md0W231S/
2tqKNYkANAeZewDmprF/smrg4GS2tKuiAzvVu4lgCPvzifn1DXPl4iWmJuAyL84W
oY/4m9ax8Rwy6q1IZNS1L+z5evSGMaxGUP+IeXWr/PgCoDm5VP9B/Nbqwrcb316m
SG81/Tuxex5gisCYd3052QsGfuCu8Z18CgPkyssTMHNXd9IIZLBFyw1tPleKTFE=
=o9x4
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
