On Wed, Jul 11, 2012 at 6:59 PM, Matthew Dempsky <matt...@dempsky.org>wrote:
> On Wed, Jul 11, 2012 at 4:44 AM, Boutros Halingrad > <boutros.haling...@gmail.com> wrote: > > Problem is, the only address that get added to the <floodtargets> table > is > > that of the sending server. > > Right, sys/net/pf.c is hardcoded to use only the source address for > the overload table. (Search for "overload_tbl" to see the relevant > code.) > > > Any ideas on how to get the attack victims added to the table? > > I think you'll need to patch pf to support this. > Ah, just as I thought, thanks anyway. I ended up blocking the machine altogether.
