Date:      Tue, 8 Feb 2011 20:38:13 -0500
From:      Vadym Chepkov <vchepkov@gmail.com>
To:        "Helmut Schneider" <jumper99@gmx.de>
Cc:        freebsd-pf@FreeBSD.org
Subject:   Re: brutal SSH attacks
Message-ID:  <0523C307-8002-4257-89FA-8B8A6621F6D3@gmail.com>
In-Reply-To: <7919038DEA4842A597EB84C9FD717FA7@charlieroot.de>
References:  <D04005BA-E154-4AE3-B14B-F9E6EF1269B0@gmail.com> <5A0B04327C334DA18745BFDBDBECE055@charlieroot.de> <A6E48F78-AC10-40DE-9345-86D14CC4D3A1@gmail.com> <98689EFE59404E4B838E79071AABA8B4@charlieroot.de> <56413CA2-EE4F-4E06-B044-0982E864E44D@gmail.com> <A141DF22-E35C-46BD-B88B-D68800812359@gmail.com> <7919038DEA4842A597EB84C9FD717FA7@charlieroot.de>



On Feb 8, 2011, at 8:36 PM, Helmut Schneider wrote:

>> Here are entries with pass in log enabled:
>>
>> 19:59:08.149358 rule 5/0(match): pass in on bce1: 93.174.31.134.36872 > 38.X.X.X.22: Flags [S], seq 441726758, win 5840, options [mss 1460,sackOK,TS val 395810874 ecr 0,nop,wscale 7], length 0
>
> And 38.x.x.x is the external ip of your gateway?! (my last guess for today^Wtonight...)

yes, it is



