Fnord

Random bits from a random nerd

Eeenteresting

From the new firewall’s syslog:

Wed Jun  6 17:26:05 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 76.171.170.53:34556->204.128.136.1:80 on ixp1) [200,0]
Wed Jun  6 17:19:22 2007
SYSLOG_NK-(System Log)Mail sending to [redacted] successfully !

Seems like the box thinks there’s a SYN flood attack, which is a particular type of denial of service.

False alarm? Occurring all along and just now visible? Can’t tell. Does make me wonder if my old OpenBSD pf rules were also working on these. pf is amazing for firewalls.

(The IP points to a host on the Road Runner cable modem network; I assume it’s a pwned Windows box.)
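A single BLOCK-SYNFLOOD line cannot separate a one-off from a sustained burst, so this added example (not from the original post) parses the two-line syslog layout shown above and counts blocks per source address inside a time window. The 60-second window, the function names and every sample entry except the first are assumptions; the trailing `[200,0]` field is ignored because the post does not say what it means.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's two-line layout (timestamp, then message), newest
# first. Only the first entry is from the post; the rest use documentation addresses.
SAMPLE = """\
Wed Jun  6 17:26:05 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 76.171.170.53:34556->204.128.136.1:80 on ixp1) [200,0]
Wed Jun  6 17:25:40 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 198.51.100.7:40003->204.128.136.1:80 on ixp1) [200,0]
Wed Jun  6 17:25:31 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 198.51.100.7:40002->204.128.136.1:80 on ixp1) [200,0]
Wed Jun  6 17:25:30 2007
RGFW-IN: BLOCK-SYNFLOOD (TCP 198.51.100.7:40001->204.128.136.1:80 on ixp1) [200,0]
Wed Jun  6 17:19:22 2007
SYSLOG_NK-(System Log)Mail sending to [redacted] successfully !
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"
BLOCK = re.compile(r"BLOCK-SYNFLOOD \(TCP ([\d.]+):\d+->([\d.]+):(\d+) on (\w+)\)")

def parse(text):
    """Pair each timestamp line with the message after it; keep SYN-flood blocks."""
    events, ts = [], None
    for line in text.splitlines():
        try:
            ts = datetime.strptime(line.strip(), TS_FMT)
        except ValueError:
            m = BLOCK.search(line)
            if m and ts is not None:
                events.append((ts, m.group(1), m.group(2), int(m.group(3))))
    return sorted(events)  # the log is newest-first; put it in time order

def burst_by_source(events, window=timedelta(seconds=60)):
    """Per source: total blocks and the largest count inside any one window."""
    times = defaultdict(list)
    for ts, src, _dst, _dport in events:
        times[src].append(ts)
    out = {}
    for src, tl in times.items():
        peak = max(sum(1 for t in tl[i:] if t - tl[i] <= window) for i in range(len(tl)))
        out[src] = {"total": len(tl), "peak": peak, "first": tl[0], "last": tl[-1]}
    return out

if __name__ == "__main__":
    print(burst_by_source(parse(SAMPLE)))
```

A source with a peak of 1 over days of logs looks like a stray or spoofed SYN; a high peak that recurs across windows is the pattern worth comparing against the old firewall's logs.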