
RE: Very Annoying problem... blocks everything...



I know it's long.. but several want to see this...
I used the "quick" commands just because they stop there and exit...  I
figured it would be faster to write it that way and get exactly what I want.
I can just state what I want to pass, then kill everything else.
btw, I have 4 /22's going through this box.  You can see how many NetBIOS
scans I get.
"tcpdump -netttti pflog0" output   Keep in mind, this is only about 0.3
seconds...
============================================
Dec 16 22:08:16.628541 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.628550 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.668056 rule 449/0(match): pass in on dc0:
159.153.255.253.18501 > 65.172.62.141.2717: . ack 30 win 24656 (DF)
Dec 16 22:08:16.668073 rule 450/0(match): pass out on dc1:
159.153.255.253.18501 > 65.172.62.141.2717: . ack 30 win 24656 (DF)
Dec 16 22:08:16.674948 rule 449/0(match): pass in on dc0: 137.104.75.93.1214
> 65.172.62.55.4764: . ack 1 win 64223 (DF)
Dec 16 22:08:16.674959 rule 450/0(match): pass out on dc1:
137.104.75.93.1214 > 65.172.62.55.4764: . ack 1 win 64223 (DF)
Dec 16 22:08:16.679436 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.679459 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.703918 rule 449/0(match): pass in on dc0: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.703929 rule 450/0(match): pass out on dc1: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.704832 rule 449/0(match): pass in on dc0:
159.153.254.193.16101 > 65.172.62.61.1851: . ack 125 win 9112 (DF)
Dec 16 22:08:16.704845 rule 450/0(match): pass out on dc1:
159.153.254.193.16101 > 65.172.62.61.1851: . ack 125 win 9112 (DF)
Dec 16 22:08:16.709064 rule 449/0(match): pass in on dc1: 65.172.62.55.4763
> 66.27.97.83.2528: . ack 1461 win 8760 (DF)
Dec 16 22:08:16.709075 rule 450/0(match): pass out on dc0: 65.172.62.55.4763
> 66.27.97.83.2528: . ack 1461 win 8760 (DF)
Dec 16 22:08:16.717121 rule 449/0(match): pass in on dc1: 65.172.62.143.1044
> 63.241.83.184.4000: . ack 1744 win 8898 (DF)
Dec 16 22:08:16.717136 rule 450/0(match): pass out on dc0:
65.172.62.143.1044 > 63.241.83.184.4000: . ack 1744 win 8898 (DF)
Dec 16 22:08:16.728991 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.729019 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.745427 rule 449/0(match): pass in on dc0:
208.254.16.84.34313 > 65.172.62.176.1115:  udp 66 (DF)
Dec 16 22:08:16.745444 rule 450/0(match): pass out on dc1:
208.254.16.84.34313 > 65.172.62.176.1115:  udp 66 (DF)
Dec 16 22:08:16.768261 rule 449/0(match): pass in on dc0:
159.153.255.253.18501 > 65.172.62.141.2717: . ack 31 win 24656 (DF)
Dec 16 22:08:16.768273 rule 450/0(match): pass out on dc1:
159.153.255.253.18501 > 65.172.62.141.2717: . ack 31 win 24656 (DF)
Dec 16 22:08:16.769133 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.769145 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.772831 rule 449/0(match): pass in on dc0: 63.241.83.184.4000
> 65.172.62.143.1044: P 1744:1755(11) ack 67 win 65263
Dec 16 22:08:16.772843 rule 450/0(match): pass out on dc1:
63.241.83.184.4000 > 65.172.62.143.1044: P 1744:1755(11) ack 67 win 65263
Dec 16 22:08:16.787941 rule 449/0(match): pass in on dc1: 65.172.62.143.1044
> 63.241.83.184.4000: P 67:72(5) ack 1744 win 8898 (DF)
Dec 16 22:08:16.787968 rule 450/0(match): pass out on dc0:
65.172.62.143.1044 > 63.241.83.184.4000: P 67:72(5) ack 1744 win 8898 (DF)
Dec 16 22:08:16.800304 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.800326 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.803162 rule 449/0(match): pass in on dc0: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.803175 rule 450/0(match): pass out on dc1: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.807216 rule 449/0(match): pass in on dc0: 66.27.97.83.2528 >
65.172.62.55.4763: . 8761:10221(1460) ack 0 win 63844 (DF)
Dec 16 22:08:16.807234 rule 450/0(match): pass out on dc1: 66.27.97.83.2528
> 65.172.62.55.4763: . 8761:10221(1460) ack 0 win 63844 (DF)
Dec 16 22:08:16.817426 rule 449/0(match): pass in on dc1: 65.172.62.143.1044
> 63.241.83.184.4000: . ack 1744 win 8898 (DF)
Dec 16 22:08:16.817438 rule 450/0(match): pass out on dc0:
65.172.62.143.1044 > 63.241.83.184.4000: . ack 1744 win 8898 (DF)
Dec 16 22:08:16.820702 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.820729 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.836857 rule 449/0(match): pass in on dc1: 65.172.62.143.1044
> 63.241.83.184.4000: . ack 1744 win 8898 (DF)
Dec 16 22:08:16.836880 rule 450/0(match): pass out on dc0:
65.172.62.143.1044 > 63.241.83.184.4000: . ack 1744 win 8898 (DF)
Dec 16 22:08:16.840473 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.840493 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.886937 rule 449/0(match): pass in on dc0:
208.254.16.84.34313 > 65.172.62.176.1115:  udp 15 (DF)
Dec 16 22:08:16.886967 rule 450/0(match): pass out on dc1:
208.254.16.84.34313 > 65.172.62.176.1115:  udp 15 (DF)
Dec 16 22:08:16.903793 rule 449/0(match): pass in on dc0: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.903804 rule 450/0(match): pass out on dc1: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.909108 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.909123 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.909349 rule 449/0(match): pass in on dc1: 65.172.62.176.1114
> 208.254.16.80.10622: . ack 2023 win 9101 (DF)
Dec 16 22:08:16.909361 rule 450/0(match): pass out on dc0:
65.172.62.176.1114 > 208.254.16.80.10622: . ack 2023 win 9101 (DF)
Dec 16 22:08:16.909853 rule 449/0(match): pass in on dc1: 65.172.62.163.1637
> 66.218.68.225.11999: . ack 2228 win 8576 (DF)
Dec 16 22:08:16.909863 rule 450/0(match): pass out on dc0:
65.172.62.163.1637 > 66.218.68.225.11999: . ack 2228 win 8576 (DF)
Dec 16 22:08:16.920009 rule 449/0(match): pass in on dc0: 63.241.83.184.4000
> 65.172.62.143.1044: P 1744:1755(11) ack 72 win 65258
Dec 16 22:08:16.920024 rule 450/0(match): pass out on dc1:
63.241.83.184.4000 > 65.172.62.143.1044: P 1744:1755(11) ack 72 win 65258
Dec 16 22:08:16.938555 rule 449/0(match): pass in on dc1: 65.172.62.170.3931
> 202.154.154.74.14331: . 15409:16869(1460) ack 0 win 8422 (DF)
Dec 16 22:08:16.938576 rule 450/0(match): pass out on dc0:
65.172.62.170.3931 > 202.154.154.74.14331: . 15409:16869(1460) ack 0 win
8422 (DF)
Dec 16 22:08:16.947776 rule 449/0(match): pass in on dc1: 65.172.62.141.2717
> 159.153.255.253.18501: P 31:46(15) ack 54 win 8408 (DF)
Dec 16 22:08:16.947787 rule 450/0(match): pass out on dc0:
65.172.62.141.2717 > 159.153.255.253.18501: P 31:46(15) ack 54 win 8408 (DF)
Dec 16 22:08:16.968307 rule 449/0(match): pass in on dc1: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.968348 rule 450/0(match): pass out on dc0: 65.172.62.47.5555
> 205.177.62.71.5555:  udp 40
Dec 16 22:08:16.975117 rule 449/0(match): pass in on dc0: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.975135 rule 450/0(match): pass out on dc1: 66.218.70.32.5000
> 65.172.62.168.5000:  udp 112
Dec 16 22:08:16.975369 rule 449/0(match): pass in on dc0: 68.40.56.75.4934 >
208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975387 rule 450/0(match): pass out on dc0: 68.40.56.75.4934
> 208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975470 rule 449/0(match): pass in on dc0: 68.40.56.75.4934 >
208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975477 rule 450/0(match): pass out on dc0: 68.40.56.75.4934
> 208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975558 rule 449/0(match): pass in on dc0: 68.40.56.75.4934 >
208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975565 rule 450/0(match): pass out on dc0: 68.40.56.75.4934
> 208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975647 rule 449/0(match): pass in on dc0: 68.40.56.75.4934 >
208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975653 rule 450/0(match): pass out on dc0: 68.40.56.75.4934
> 208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975733 rule 449/0(match): pass in on dc0: 68.40.56.75.4934 >
208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975740 rule 450/0(match): pass out on dc0: 68.40.56.75.4934
> 208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
Dec 16 22:08:16.975820 rule 449/0(match): pass in on dc0: 68.40.56.75.4934 >
208.23.207.24.445: S 974117744:974117744(0) win 16384 <mss
1460,nop,nop,sackOK> (DF)
=========================================================================
"tcpdump -r iplog"  output
=========================================================================
22:08:16.628541 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.628551 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.668057 159.153.255.253.18501 > 65.172.62.141.2717: . ack 5081 win
24656 (DF)
22:08:16.668073 159.153.255.253.18501 > 65.172.62.141.2717: . ack 5081 win
24656 (DF)
22:08:16.674948 137.104.75.93.1214 > 65.172.62.55.4764: . ack 18 win 64223
(DF)
22:08:16.674959 137.104.75.93.1214 > 65.172.62.55.4764: . ack 18 win 64223
(DF)
22:08:16.679437 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.679459 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.703919 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.703930 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.704832 159.153.254.193.16101 > 65.172.62.61.1851: . ack 4302 win
9112 (DF)
22:08:16.704846 159.153.254.193.16101 > 65.172.62.61.1851: . ack 4302 win
9112 (DF)
22:08:16.709065 65.172.62.55.4763 > 66.27.97.83.2528: . ack 11681 win 8760
(DF)
22:08:16.709076 65.172.62.55.4763 > 66.27.97.83.2528: . ack 11681 win 8760
(DF)
22:08:16.717122 65.172.62.143.1044 > 63.241.83.184.4000: . ack 31326 win
8898 (DF)
22:08:16.717136 65.172.62.143.1044 > 63.241.83.184.4000: . ack 31326 win
8898 (DF)
22:08:16.728992 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.729019 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.745428 208.254.16.84.34313 > 65.172.62.176.1115:  udp 66 (DF)
22:08:16.745444 208.254.16.84.34313 > 65.172.62.176.1115:  udp 66 (DF)
22:08:16.768262 159.153.255.253.18501 > 65.172.62.141.2717: . ack 5082 win
24656 (DF)
22:08:16.768273 159.153.255.253.18501 > 65.172.62.141.2717: . ack 5082 win
24656 (DF)
22:08:16.769134 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.769146 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.772831 63.241.83.184.4000 > 65.172.62.143.1044: P 31326:31337(11)
ack 4117 win 65263
22:08:16.772843 63.241.83.184.4000 > 65.172.62.143.1044: P 31326:31337(11)
ack 4117 win 65263
22:08:16.787942 65.172.62.143.1044 > 63.241.83.184.4000: P 4117:4122(5) ack
31326 win 8898 (DF)
22:08:16.787968 65.172.62.143.1044 > 63.241.83.184.4000: P 4117:4122(5) ack
31326 win 8898 (DF)
22:08:16.800304 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.800326 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.803162 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.803175 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.807217 66.27.97.83.2528 > 65.172.62.55.4763: . 18981:20441(1460)
ack 397 win 63844 (DF)
22:08:16.807235 66.27.97.83.2528 > 65.172.62.55.4763: . 18981:20441(1460)
ack 397 win 63844 (DF)
22:08:16.817427 65.172.62.143.1044 > 63.241.83.184.4000: . ack 31326 win
8898 (DF)
22:08:16.817439 65.172.62.143.1044 > 63.241.83.184.4000: . ack 31326 win
8898 (DF)
22:08:16.820703 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.820730 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.836858 65.172.62.143.1044 > 63.241.83.184.4000: . ack 31326 win
8898 (DF)
22:08:16.836881 65.172.62.143.1044 > 63.241.83.184.4000: . ack 31326 win
8898 (DF)
22:08:16.840473 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.840494 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.886938 208.254.16.84.34313 > 65.172.62.176.1115:  udp 15 (DF)
22:08:16.886967 208.254.16.84.34313 > 65.172.62.176.1115:  udp 15 (DF)
22:08:16.903794 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.903805 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.909109 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.909123 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.909349 65.172.62.176.1114 > 208.254.16.80.10622: . ack 78610 win
9101 (DF)
22:08:16.909362 65.172.62.176.1114 > 208.254.16.80.10622: . ack 78610 win
9101 (DF)
22:08:16.909854 65.172.62.163.1637 > 66.218.68.225.11999: . ack 2228 win
8576 (DF)
22:08:16.909864 65.172.62.163.1637 > 66.218.68.225.11999: . ack 2228 win
8576 (DF)
22:08:16.920009 63.241.83.184.4000 > 65.172.62.143.1044: P 31326:31337(11)
ack 4122 win 65258
22:08:16.920025 63.241.83.184.4000 > 65.172.62.143.1044: P 31326:31337(11)
ack 4122 win 65258
22:08:16.938556 65.172.62.170.3931 > 202.154.154.74.14331: .
602316:603776(1460) ack 339 win 8422 (DF)
22:08:16.938577 65.172.62.170.3931 > 202.154.154.74.14331: .
602316:603776(1460) ack 339 win 8422 (DF)
22:08:16.947777 65.172.62.141.2717 > 159.153.255.253.18501: P 5082:5097(15)
ack 3723 win 8408 (DF)
22:08:16.947788 65.172.62.141.2717 > 159.153.255.253.18501: P 5082:5097(15)
ack 3723 win 8408 (DF)
22:08:16.968308 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.968349 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.975118 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.975136 66.218.70.32.5000 > 65.172.62.168.5000:  udp 112
22:08:16.975370 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975387 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975470 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975477 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975558 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975565 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975647 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975654 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975734 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975741 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975821 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975828 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975909 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975916 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.975996 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976003 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976083 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976090 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976272 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976278 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976359 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976365 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976445 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976452 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976530 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976537 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976617 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976623 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976703 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976709 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976788 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976795 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976876 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976882 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976974 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.976981 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977061 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977068 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977147 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977154 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977233 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977240 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977319 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977325 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977404 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977411 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977514 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977520 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977612 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977619 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977698 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977705 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977784 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977791 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977871 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977878 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977958 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.977965 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978046 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978053 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978133 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978139 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978219 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978225 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978305 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978312 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978445 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978453 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978539 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978546 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978625 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978632 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978713 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978719 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978799 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978806 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978886 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978892 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978973 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.978979 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979059 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979065 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979145 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979152 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979250 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979257 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979270 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.979284 65.172.62.47.5555 > 205.177.62.71.5555:  udp 40
22:08:16.979348 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979356 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979437 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979444 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979525 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979532 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979612 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979618 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979698 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979704 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979785 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979791 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979872 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979879 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979959 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
22:08:16.979965 68.40.56.75.4934 > 208.23.207.24.445: S
974117744:974117744(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
============================================================================
-----Original Message-----
From: owner-pf@benzedrine.cx [mailto:owner-pf@benzedrine.cx] On Behalf Of Jason Dixon
Sent: Monday, December 16, 2002 9:52 PM
To: PF Mailing List
Subject: RE: Very Annoying problem... blocks everything...

On Mon, 2002-12-16 at 22:46, Shawn Mitchell wrote:
> on the "tcpdump -nettti pflog0" command, should everything match the last
> two rules, which are:
>
> pass in log quick inet from any to any
> pass out log quick inet from any to any

No.  You have a gazillion other "quick" rules in front of these.  The
first one that matches is going to force the action.  That's why "quick"
should be used very conservatively.

Otherwise, last match wins.

> They were block, but I changed them to pass so I could better see what's
> going on with live traffic...

Don't start changing your rules without monitoring your traffic.  What
kind of logged traffic are you seeing?  We can't help you if you don't
work with us.

-J.
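
The evaluation order described in the quoted reply (the first matching "quick" rule decides, otherwise the last match wins), as an added example that is not part of the original thread: a simplified Python model of pf's rule walk. The rulesets and packets are constructed for illustration and are not the poster's pf.conf; the model matches only on direction, protocol and destination port.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    quick: bool = False
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["dir"]
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))


def evaluate(rules, pkt):
    """Return (rule_number, action) for pkt.

    Rules are walked top to bottom. Every match overwrites the pending
    decision (last match wins); a matching "quick" rule ends the walk
    at once, so nothing below it is consulted.
    """
    decided = (None, "pass")      # pf passes a packet that no rule matches
    for number, rule in enumerate(rules):
        if rule.matches(pkt):
            decided = (number, rule.action)
            if rule.quick:
                break
    return decided


def with_quick(rules, quick):
    """Copy a ruleset with the quick flag forced on or off."""
    return [Rule(r.action, r.direction, quick, r.proto, r.dport) for r in rules]


# Constructed ruleset: two specific blocks followed by catch-all passes,
# the same shape as "specific rules first, pass in/out from any to any last".
BASE = [
    Rule("block", "in", proto="udp", dport=137),   # rule 0
    Rule("block", "in", proto="tcp", dport=445),   # rule 1
    Rule("pass", "in"),                            # rule 2
    Rule("pass", "out"),                           # rule 3
]
ALL_QUICK = with_quick(BASE, True)                 # every rule is quick
NO_QUICK = with_quick(BASE, False)                 # pure last-match-wins
MIXED = BASE[:2] + with_quick(BASE[2:], True)      # only the catch-alls are quick

# Constructed packets.
SMB_SYN = {"dir": "in", "proto": "tcp", "dport": 445}
NETBIOS = {"dir": "in", "proto": "udp", "dport": 137}
OTHER_UDP = {"dir": "in", "proto": "udp", "dport": 5555}


def compare(pkt):
    """Deciding rule and action for pkt under each of the three rulesets."""
    return {name: evaluate(rules, pkt)
            for name, rules in (("all_quick", ALL_QUICK),
                                ("no_quick", NO_QUICK),
                                ("mixed", MIXED))}


if __name__ == "__main__":
    for label, pkt in (("tcp/445", SMB_SYN), ("udp/137", NETBIOS),
                       ("udp/5555", OTHER_UDP)):
        print(label, compare(pkt))
```

With every rule marked quick, the catch-all only sees what the earlier rules did not match; with the blocks left non-quick, a trailing catch-all pass decides every inbound packet, which is why flipping the last rules from block to pass changes the whole policy.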