Re: question about max-src-conn and max-src-conn-rate

2009-07-15 Thread Tony B
a max-src-conn-rate that would identify an attack? All the online examples are far too strict.
From: Valentin Bud
Sent: Wednesday, July 15, 2009 9:18 AM
To: Tony
Cc: freebsd-pf@freebsd.org
Subject: Re: question about max-src-conn and max-src-conn-rate
On Tue, Jul 14, 2009 at 6:12

question about max-src-conn and max-src-conn-rate

2009-07-14 Thread Tony
Below is a packet filter snippet from my config file:
block drop log quick from ...
pass in quick on $ext_if proto tcp from any to port 80 flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/2, overload flush global)
pass out quick on $int_if proto tcp from any to port 80 flags

PF with routable internal addresses

2005-06-09 Thread Tony Martino
.com.http: . ack 2739 win 65535
16:25:27.194848 PPPoE [ses 0x1a7b] IP mail.whatismyip.com.http > 66.48.11.93.4029: . ack 401 win 64000
Isn't this NAT? Why is this happening when there is no NAT configured anywhere on this system?
Thanks, Tony