Site Navigation

Date:      Wed, 11 May 2016 16:51:12 -0300
From:      Ze Claudio Pastore <zclaudio@bsd.com.br>
To:        freebsd-net <freebsd-net@freebsd.org>
Subject:   ipfw tcpack won't match a given ack #
Message-ID:  <CAEGk6G4-UAakazhomzmSDDvc2aDtS4kMb%2B9hj60=6a2DiXuE2Q@mail.gmail.com>

---

next in thread | raw e-mail | index | archive | help

---

Hello,

This rule:

1      0         0 deny log logamount 1000 tcp from any to 100.100.224.66
tcpack 2

Won't match this attack pattern below.

Is tcpack supposed to match it? FreeBSD 10.2-STABLE #0 r292035M

Can I try to match it with some other tool? I tried pf but looks like it
won't filter (look into) this kind of information.

Thank you.

16:20:47.583871 IP 200.200.67.221.51352 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584022 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584324 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584475 IP 200.200.67.221.51364 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584718 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.584868 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585169 IP 200.200.67.221.51353 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585557 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585623 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.585801 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586081 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586226 IP 200.200.67.221.51354 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586649 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.586652 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.587124 IP 200.200.67.221.51355 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

16:20:47.587129 IP 200.200.67.221.51351 > 100.100.224.66.80: Flags [.],

ack 2, win 0, length 0

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEGk6G4-UAakazhomzmSDDvc2aDtS4kMb%2B9hj60=6a2DiXuE2Q>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact