
Re: question re pfstat and recent isp downage



On Sat, Sep 03, 2005 at 06:57:54PM -0400, Peter Matulis wrote:
> Recently my internet connection went down for 2 hours.  When it came back
> I noticed pfstat reporting massive increase in "block in" speeds
> (packets/s).  I am wondering why this is happening.  It also skews my
> previous stats. :(
> 
> I am filtering on my external interface only.

It looks like you have an almost idle uplink (less than 5 packets per
second), and the "massive increase" is from about one blocked packet
every ten seconds to about one per second.

Given low packet rates like these, you should be able to log each blocked
packet and investigate them individually. Looking at the blocked packets
might immediately tell you what is going on. If you got a new IP address
after the downtime, you might still be getting sporadic traffic of the
previous owner of the new IP address, for instance.

Daniel
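
Added example, not part of the original message: one way to look at logged blocked packets in aggregate, grouping them by protocol and destination port and counting distinct sources. It assumes the block rule carries pf's log keyword and the log is read with tcpdump from /var/log/pflog; the sample lines, addresses, interface name and exact line layout are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (documentation addresses), shaped like the output of
# `tcpdump -n -e -ttt -r /var/log/pflog`; the exact layout is an assumption.
SAMPLE = """\
Sep 03 21:10:01.100000 rule 0/(match) block in on fxp0: 203.0.113.10.40112 > 198.51.100.7.6881: S 1:1(0) win 65535 (DF)
Sep 03 21:10:02.200000 rule 0/(match) block in on fxp0: 203.0.113.44.51200 > 198.51.100.7.6881: S 9:9(0) win 16384
Sep 03 21:10:03.300000 rule 0/(match) block in on fxp0: 192.0.2.91.33010 > 198.51.100.7.6881: S 4:4(0) win 5840 (DF)
Sep 03 21:10:04.400000 rule 0/(match) block in on fxp0: 192.0.2.17.6881 > 198.51.100.7.6881: udp 48
Sep 03 21:10:09.500000 rule 0/(match) block in on fxp0: 203.0.113.200.2301 > 198.51.100.7.445: S 7:7(0) win 64240 (DF)
Sep 03 21:10:11.600000 rule 0/(match) block in on fxp0: 192.0.2.5 > 198.51.100.7: icmp: echo request
Sep 03 21:10:12.700000 rule 1/(match) pass in on fxp0: 192.0.2.8.50000 > 198.51.100.7.22: S 2:2(0) win 65535
"""

# Only "block in" entries are of interest; ports are absent for ICMP.
LINE = re.compile(
    r"rule \S+ block in on (?P<ifc>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)"
)

def summarize(text):
    """Return (packets per (proto, dport), source addresses per (proto, dport))."""
    counts, sources = Counter(), defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # passed packets and unparsable lines are skipped
        rest = m["rest"]
        proto = "icmp" if rest.startswith("icmp") else "udp" if rest.startswith("udp") else "tcp"
        key = (proto, int(m["dport"]) if m["dport"] else None)
        counts[key] += 1
        sources[key].add(m["src"])
    return counts, sources

def report(text):
    """Rows of (proto, dport, packets, distinct sources), busiest target first."""
    counts, sources = summarize(text)
    return [(p, port, n, len(sources[(p, port)])) for (p, port), n in counts.most_common()]

if __name__ == "__main__":
    for proto, port, packets, nsrc in report(SAMPLE):
        print(f"{proto:4} dport={port!s:5} packets={packets} sources={nsrc}")
```

Many unrelated sources sending to the same port is consistent with the leftover traffic for a previous address owner mentioned above; a single source walking across ports looks different in the same table.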