User tripping port flood rules in csf
This one isn't so much about how to protect a server, but rather why a specific user is tripping the port flood rule. I use csf on the server, and port 80 is set to: 80;tcp;20;5 (20 connections within 5 seconds).
The user is using XP and Firefox. He's an elderly gentleman and has been a member of the site for many, many years. So anything overtly malicious on his part is ruled out.
What I'm trying to figure out is why he's tripping this rule, and what could be on his machine that causes this behavior, whether it's a Firefox addon or something else. Has anyone else run across something like this?