[wplug] netstat and a worrying connection
Brian A. Seklecki
lavalamp at spiritual-machines.org
Thu Nov 12 10:55:00 EST 2009
On Thu, 2009-11-12 at 09:35 -0500, Terence J. Golightly wrote:
> I will be googling, but thought one of you security experts
I would use pfctl(8) -F on pf(4) to flush a specific state from the
table. That will cause the forwarding device / upstream router (or
localhost if you have it enabled).
Either that, or insert a temporary rule that does "block
return-rst" (which will force the client to reset the kernel socket
structure) for the specific source/destination address.
Most PF users have a pf(4) table (<wankers>) and a referenced standby
rule for use in DDoS situations.
~BAS
> out there might have a succinct and to the point answer.
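
The table-plus-standby-rule setup mentioned in the reply, as an added pf.conf sketch that is not part of the original post. The interface name `em0` and the address `192.0.2.10` are placeholders assumed for illustration; the table name is the one used in the message.

```pf
# Constructed example: interface and addresses are placeholders, not from the post.
ext_if = "em0"

# Empty table kept in the kernel even while it has no entries ("persist"),
# so addresses can be added at runtime without reloading the ruleset.
table <wankers> persist

# Standby rules: they match nothing until an address is added to the table.
# "return-rst" answers matching TCP segments with a RST instead of silently
# dropping them; "quick" stops rule evaluation at the first match.
block return-rst in  quick on $ext_if proto tcp from <wankers> to any
block return-rst out quick on $ext_if proto tcp from any to <wankers>

# Runtime use (as root):
#   pfctl -t wankers -T add 192.0.2.10      # start blocking the address
#   pfctl -k 192.0.2.10                     # kill states originating from it
#   pfctl -k 0.0.0.0/0 -k 192.0.2.10        # kill states going to it
#   pfctl -t wankers -T show                # list current table entries
#   pfctl -t wankers -T delete 192.0.2.10   # stop blocking the address
```

Packets that match an existing state entry are passed without consulting the ruleset, so a connection that is already established keeps flowing until its state is killed.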