My web server recently received a lot of fake RST packets. These packets faked the normal client src addr and mac addr, but with a different TTL. I added one iptables rule as below to filter these packets:

    iptables -A INPUT -p tcp -i eth0 --tcp-flags ACK,SYN,FIN,RST,URG,PSH RST -j DROP

This rule works, but clients often cannot view a complete webpage unless they refresh the page a few times.

Is there any way that I can find where these packets come from? I can trace to one router according to the TTL value, but that's all I can do now.

Or how can I filter these RST packets with iptables or something else without interfering with normal HTTP communication?
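The TTL mismatch described in the post can be checked per source address before choosing a filter. The following is an added example, not part of the original message: it learns each client's usual TTL from its non-RST packets and classifies RSTs against that baseline. The packet tuples, addresses, function names and the one-hop tolerance are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (src_ip, tcp_flags, ttl) as parsed from a capture.
SAMPLE = [
    ("198.51.100.7", "S", 52),
    ("198.51.100.7", "A", 52),
    ("198.51.100.7", "PA", 52),
    ("198.51.100.7", "R", 61),   # TTL differs from this client's baseline
    ("198.51.100.7", "FA", 52),
    ("203.0.113.9", "S", 115),
    ("203.0.113.9", "A", 115),
    ("203.0.113.9", "R", 115),   # matches baseline: consistent with the client
    ("203.0.113.9", "R", 61),
    ("192.0.2.44", "R", 61),     # no other traffic seen, so no baseline
]

def ttl_baselines(packets):
    """Most common TTL per source, learned from non-RST packets only."""
    seen = defaultdict(Counter)
    for src, flags, ttl in packets:
        if "R" not in flags:
            seen[src][ttl] += 1
    return {src: c.most_common(1)[0][0] for src, c in seen.items()}

def classify_rsts(packets, tolerance=1):
    """Label each RST 'consistent', 'suspect' or 'unknown' by TTL.

    tolerance (assumed value) allows for small path changes.
    """
    base = ttl_baselines(packets)
    results = []
    for i, (src, flags, ttl) in enumerate(packets):
        if "R" not in flags:
            continue
        if src not in base:
            verdict = "unknown"
        elif abs(ttl - base[src]) <= tolerance:
            verdict = "consistent"
        else:
            verdict = "suspect"
        results.append((i, src, ttl, verdict))
    return results

def suspect_ttls(packets, tolerance=1):
    """Count of TTL values carried by suspect RSTs."""
    rsts = classify_rsts(packets, tolerance)
    return Counter(ttl for _, _, ttl, v in rsts if v == "suspect")

if __name__ == "__main__":
    for row in classify_rsts(SAMPLE):
        print(row)
    print("suspect TTLs:", dict(suspect_ttls(SAMPLE)))
```

If the suspect RSTs cluster on one TTL value, that value is a candidate for a narrower rule using the iptables `ttl` match (`-m ttl --ttl-eq`) in place of dropping every RST.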