View Single Post
  #7   (View Single Post)  
Old 4th December 2013
irukandji irukandji is offline
Port Guard
 
Join Date: Jul 2013
Posts: 16
Default

Ok, i have solved it this way, i dont like it but it works... And captured one offender within first 5 minutes... Practically all service ports except few that i am using are booby trapped.

tcpdump -lq -n "(not src net x.x.x.x mask y.y.y.y) and ((tcp dst portrange n-nn) or (tcp dst portrange n1-nn1)" | awk '{split($3,a,"."); system("pfctl -t tarpit -T add "a[1]"."a[2]"."a[3]"."a[4]) }'
Reply With Quote