From owner-freebsd-questions@FreeBSD.ORG Thu May 29 18:57:18 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18B3737B401 for ; Thu, 29 May 2003 18:57:18 -0700 (PDT) Received: from mtiwmhc12.worldnet.att.net (mtiwmhc12.worldnet.att.net [204.127.131.116]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5343E43F85 for ; Thu, 29 May 2003 18:57:17 -0700 (PDT) (envelope-from t.zim@att.net) Received: from att.net (36.knoxville-05-10rs.tn.dial-access.att.net[12.93.212.36]) by mtiwmhc12.worldnet.att.net (mtiwmhc12) with SMTP id <2003053001571511200nujvae>; Fri, 30 May 2003 01:57:15 +0000 Message-ID: <3ED6BA5A.3000904@att.net> Date: Thu, 29 May 2003 21:56:42 -0400 From: Todd Zimmermann User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3) Gecko/20030421 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: General DDOS curiousity X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2003 01:57:18 -0000 This isn't so much a question as a curiosity I noticed tonight. I have a dialup account with att.net & get a dynamic ip in the 12.93 block. While logging in tonight and initializing ipfilter, I noticed 7 blocked input packets right away. No big deal, but I checked my log. Each packet was from a diff ip, but all to port 41170 UDP... Now I'm up to 501 blocked packets, unique ips but same port. I've logged into scans before, but nothing like this. Anyone else on att notice this or any comments? 523 blocked...