On Tue, Sep 20, 2005 at 02:11:44PM +0200, frantisek holop wrote:
> hmm, on Mon, Sep 19, 2005 at 06:33:16PM -0600, jared r r spiegel said that
> >
> > what is the noise exactly?

looks like TCP:6346 and UDP:1434 covers about half of that.

if you're always doing flags S/SA and keeping state on your tcp, you could block (w/o log) flags R/R.

after that there's a few UDP:3223s and randomness.

> 62.24.90/24 is my network, .1 is the gateway .255 is the broadcast, so i
> understand why i get everything in between...

or what about something easy like:

  block in on ne3 from any to !ne3

(without log)

> the other nets, i don't know

you could add -e to the tcpdump, and compare to your arp table, maybe some of the other nets are routed to one of the IPs in that /24.

( eg - if the destination IP is one of those other nets, but the destination ethernet is one of the hosts in your /24 you know about )

jared

--
[ openbsd 3.8 GENERIC ( sep 10 ) // i386 ]
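
The `tcpdump -e` versus ARP-table comparison suggested in the message above, as an added example that is not part of the original thread. The `arp -an` and `tcpdump -e -n` line layouts are assumptions, and every sample line, MAC address and address outside 62.24.90/24 is constructed.

```python
import ipaddress
import re

LOCAL_NET = ipaddress.ip_network("62.24.90.0/24")  # the /24 from the thread

# Constructed `arp -an` lines (BSD-style layout assumed).
ARP_LINES = """\
? (62.24.90.1) at 00:0d:b9:00:00:01 on ne3
? (62.24.90.17) at 0:a0:c9:0:0:17 on ne3
? (62.24.90.9) at (incomplete) on ne3
"""

# Constructed `tcpdump -e -n` lines (libpcap-style link header assumed).
DUMP_LINES = """\
14:11:44.100000 00:50:56:00:00:aa > 00:a0:c9:00:00:17, ethertype IPv4 (0x0800), length 60: 203.0.113.9.4021 > 198.51.100.44.6346: Flags [S], length 0
14:11:44.200000 00:50:56:00:00:bb > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 418: 203.0.113.7.1055 > 62.24.90.255.1434: UDP, length 376
14:11:44.300000 00:50:56:00:00:cc > 00:0d:b9:00:00:01, ethertype IPv4 (0x0800), length 60: 203.0.113.5.3010 > 192.0.2.80.3223: UDP, length 18
"""

def norm_mac(mac):
    """Zero-pad each octet so 0:a0:c9:0:0:17 equals 00:a0:c9:00:00:17."""
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def parse_arp(text):
    """Map normalized MAC -> IP for every complete ARP entry."""
    pat = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+) ")
    return {norm_mac(m): ip for ip, m in pat.findall(text)}

def routed_via_local(dump, arp, net=LOCAL_NET):
    """Return (dst_ip, dst_mac, arp_ip) for frames addressed at layer 2 to
    a known host in `net` while the IP destination lies outside `net`."""
    pat = re.compile(r"^\S+ [0-9a-fA-F:]+ > ([0-9a-fA-F:]+), ethertype IPv4 "
                     r"\S+, length \d+: \S+ > (\d+\.\d+\.\d+\.\d+)[.:]")
    hits = []
    for line in dump.splitlines():
        m = pat.match(line)
        if not m:
            continue  # not an IPv4 frame in the assumed layout
        mac, dst = norm_mac(m.group(1)), ipaddress.ip_address(m.group(2))
        owner = arp.get(mac)
        if owner and dst not in net and ipaddress.ip_address(owner) in net:
            hits.append((str(dst), mac, owner))
    return hits

if __name__ == "__main__":
    for dst, mac, owner in routed_via_local(DUMP_LINES, parse_arp(ARP_LINES)):
        print(f"{dst} is being sent to {mac} ({owner})")
```

Frames to the broadcast MAC and incomplete ARP entries are ignored, so only off-net destinations delivered to a known host in the /24 are reported.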