Tim Nelson wrote:
> Increase your firewall state size...
I do not want to build an image from scratch with recompiled binaries to
fight a threat that will fade in a week or two... A little tough there.
> What ports?
Seems to be random source and destination ports in the 4-5 digit range.
So far it has been, notice it, and block the IP. Add user to static
DHCP in a blocked block of addresses. Hope they call. Do it again when
they change WiFi cards. Remember that this is in a hotel, and I support
about 40 of them. I have done 4 hotels with this problem this week, and
2 of them twice. It is fully manual, always a crises, and a PITA!
There is no way to limit connections with the traffic shaper is there?
PS: I am going to bed now after fixing another one. It is 1:47am.