[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with PF - Doh!!




On Apr 11, 2005, at 2:04 PM, Abdul Rehman Gani wrote:


Hi,

Here was the problem... The src port was in the range being blocked. Thus all return packets were being denied...



16:28:07.109826 196.35.86.108.3158 > 66.102.11.104.80: S 1886978942:1886978942(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:28:10.020236 196.35.86.108.3158 > 66.102.11.104.80: S 1886978942:1886978942(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:28:16.033175 196.35.86.108.3158 > 66.102.11.104.80: S 1886978942:1886978942(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:28:27.991228 196.35.86.108.3159 > 66.102.11.99.80: S 1891819288:1891819288(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:28:31.017272 196.35.86.108.3159 > 66.102.11.99.80: S 1891819288:1891819288(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:28:37.034239 196.35.86.108.3159 > 66.102.11.99.80: S 1891819288:1891819288(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:29:52.028883 196.35.86.108.3164 > 66.102.11.104.80: S 1911278228:1911278228(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:29:54.919236 196.35.86.108.3164 > 66.102.11.104.80: S 1911278228:1911278228(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:30:00.933837 196.35.86.108.3164 > 66.102.11.104.80: S 1911278228:1911278228(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:30:12.871176 196.35.86.108.3165 > 66.102.11.99.80: S 1916126514:1916126514(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:30:15.918492 196.35.86.108.3165 > 66.102.11.99.80: S 1916126514:1916126514(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
16:30:21.933758 196.35.86.108.3165 > 66.102.11.99.80: S 1916126514:1916126514(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)



Here was the rule causing it...


# block ms networking shit and mydoom
block in quick log proto { tcp, udp } from any to any port { 135, 137, 139, 3126><3199, 445, 1433 }


Thanks for everyone's help and comments!!

Abdul


East Coast Access Tel: 031-566-8080 Fax: 031-566-8010 Web: http://www.eastcoast.co.za