Sean Knox wrote:
<tcpdump logs and pf.conf snipped>

The only people who can help are your ISP. Talk to them and hopefully they can trace the attack upstream.
I once added this to pf.conf to mitigate a DDoS. It appeared to have worked, but it may have been a placebo effect ;)

    set optimization aggressive
    set timeout tcp.first 45
    set timeout tcp.established 43200
    set timeout { adaptive.start 30000, adaptive.end 45000 }
    set limit states 40000

-Jeff