Um, if they have gotten a system into your LAN, I think you have bigger problems. If this is a real concern, I'd suggest that you look into 802.1x (port) authentication.
This is a large university department where students and visitors use the LAN. The computing officers are highly competent and doing their best to provide security, but, as you know, it's a constant battle.
Also remember that you can adjust the length of time for the "recent" window.
Right.
You can probably also mitigate the window by looking for the closing connection (at least with TCP).
This particular case involves UDP. Thanks for your advice.