On Thursday 11 December 2003 23:52, Ian Hunter wrote: > There are no users on that box though, and it's not web browser traffic > because the SOURCE port is 80, not the dest port, so this is web traffic > being served by that box for sure... > > I've seen references to doing --reply-with tcp-reject to this sort of > packet... ??? Hmmm, I wouldn't expect a SYN/ACK reply to be on a high port. I'm more of a rules and logging kind of guy so I'm afraid you'll need to wait until the tcp/ip (i.e. smart) people wake up. Jeff
