NetBSD-Users archive


Re: pf add not working



On Sat, 22 Nov 2014 07:17:49 -0700
Andy Ruhl <acruhl%gmail.com@localhost> wrote:
> > So why would packets continue to come in for 2.5 hours?  My guess is
> > that the hacker is keeping the connection open and attacking over it
> > for 2.5 hours.  Does the packet filter not apply to existing
> > connections?  Is there some way to change that behaviour?
> >
> 
> Are you sure that the connection stays open? Have you been watching
> it in netstat?

No, I only see it the next day when I notice how big my log file was
yesterday.  I am reasonably sure that it is the same connection though
because the sending port remains the same.  Unless someone is writing
code at an extremely low level, that suggests to me that it is the same
connection.

> Restarting the application would close connections, or rebooting of
> course but I'm guessing you knew that...

Of course but it's a phone switch and users might get a bit pissed off
if I did that in the middle of their conversations.

I am also going to ask on the Asterisk list if there is a config option
to close connections on failure.

-- 
D'Arcy J.M. Cain <darcy%NetBSD.org@localhost>
http://www.NetBSD.org/ IM:darcy%Vex.Net@localhost

