ipfw tcpack won't match a given ack #
Ze Claudio Pastore
zclaudio at bsd.com.br
Wed May 11 19:51:13 UTC 2016
Hello,
This rule:
1 0 0 deny log logamount 1000 tcp from any to 100.100.224.66 tcpack 2
Won't match this attack pattern below.
Is tcpack supposed to match it? FreeBSD 10.2-STABLE #0 r292035M
Can I try to match it with some other tool? I tried pf, but it looks like it
won't filter (look into) this kind of information.
Thank you.
16:20:47.583871 IP 200.200.67.221.51352 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584022 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584324 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584475 IP 200.200.67.221.51364 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584718 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584868 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.585169 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.585557 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.585623 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.585801 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.586081 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.586226 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.586649 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.586652 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.587124 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.587129 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
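
Added example (not part of the original post, and not ipfw or pf code): an offline parser that flags the pattern visible in the capture above, a bare ACK with a fixed ack value, win 0 and length 0, and counts hits per source address. The function names, the threshold and the two 198.51.100.7 lines are constructed for illustration; the ack value is compared exactly as tcpdump printed it, and tcpdump prints relative ack numbers for flows it is tracking unless run with -S.

```python
import re
from collections import Counter

# First three lines are taken from the capture in the post (wrapped lines
# rejoined); the two 198.51.100.7 lines are constructed non-matching traffic.
SAMPLE = """\
16:20:47.583871 IP 200.200.67.221.51352 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584022 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:47.584324 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.], ack 2, win 0, length 0
16:20:48.000001 IP 198.51.100.7.40000 > 100.100.224.66.80: Flags [.], ack 1461, win 229, length 0
16:20:48.000002 IP 198.51.100.7.40000 > 100.100.224.66.80: Flags [P.], seq 1:100, ack 1461, win 229, length 99
"""

# One tcpdump text line: timestamp, src addr.port, dst addr.port, flags, rest.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\],"
    r"(?P<rest>.*)$"
)


def parse(line):
    """Return a dict of fields for an IPv4 TCP line, or None if it does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    # Pull the numeric fields ("ack 2", "win 0", "length 0") out of the tail.
    for key in ("ack", "win", "length"):
        found = re.search(rf"\b{key} (\d+)", pkt["rest"])
        pkt[key] = int(found.group(1)) if found else None
    return pkt


def suspicious(pkt, ack=2):
    """Bare ACK (flags '.') with the given ack value, zero window, no payload."""
    return (pkt["flags"] == "." and pkt["ack"] == ack
            and pkt["win"] == 0 and pkt["length"] == 0)


def count_by_source(text, dst, ack=2, threshold=3):
    """Map source address -> hit count for sources at or above the threshold."""
    hits = Counter()
    for line in text.splitlines():
        pkt = parse(line)
        if pkt and pkt["dst"] == dst and suspicious(pkt, ack):
            hits[pkt["src"]] += 1
    return {src: n for src, n in hits.items() if n >= threshold}
```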
More information about the freebsd-net
mailing list