hi,
i see lately many attempts from many (hundreds) ip's across the world but they all have the same srcmac
Do they really all come from the same system using spoofed addresses ? and should i make a block on mac address then ?
ulogd[24863]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcmac="00:a2:89:26:54:19" dstmac="xxxxxxx" srcip="190.172.76.20" dstip="xxxxxxx" proto="6" length="40" tos="0x00" prec="0x00" ttl="52" srcport="64143" dstport="23" tcpflags="SYN"
This thread was automatically locked due to age.