AlexK - 9:55 pm on Jan 25, 2006 (gmt 0)

Thank you, StupidScript, that input is certainly helpful.

It is the sheer scale of the Invalid packets that is defeating my mind, and causes me to wonder whether I have hit some sort of bug in the Firewall or the kernel. Consider the following:

# egrep -c "Jan 24(.*)Invalid packet(.*)PROTO=TCP(.*)DPT=80" /var/log/messages 5339 # fgrep -c "24/Jan" /var/log/httpd/co*-access_log /var/log/httpd/com-access_log:66110 /var/log/httpd/couk-access_log:32093

So, 98,203 hits on the website from 5,258 humans also produced 5,339 bad packets with 603 different IP-addresses. That's 5.4% of hits and 11.4% of people! That is surely a lot!

Now, if you are saying that more than 1 in 10 of all visitors are either trying to hack the site, or have such badly mis-configured TCP stacks that their page requests are utterly Invalid, and that that is just how life is today, then, ... well, I shall be flabbergasted, but have to accept it.

But surely not...