From owner-freebsd-security Mon Mar 22 8:28:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from fgw2.netvalue.fr (cegetel-gw.netvalue.fr [195.115.44.161]) by hub.freebsd.org (Postfix) with ESMTP id 47157150AF for ; Mon, 22 Mar 1999 08:28:36 -0800 (PST) (envelope-from erwan@netvalue.fr) Received: (from bin@localhost) by fgw2.netvalue.fr (8.9.1/8.8.8) id RAA04678 for ; Mon, 22 Mar 1999 17:28:15 +0100 (CET) (envelope-from erwan@netvalue.fr) X-Authentication-Warning: fgw2.netvalue.fr: bin set sender to using -f Received: from (etoile.netvalue.fr [192.168.1.11]) by fgw2.netvalue.fr via smap (V2.1) id xma004676; Mon, 22 Mar 99 17:27:51 +0100 Received: from netvalue.fr ([192.168.1.100]) by etoile.netvalue.fr (Netscape Messaging Server 3.5) with ESMTP id AAA6B39 for ; Mon, 22 Mar 1999 17:27:51 +0100 Message-ID: <36F66F86.88FA36E3@netvalue.fr> Date: Mon, 22 Mar 1999 17:27:50 +0100 From: Erwan Arzur Organization: NetValue S.A. X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 4.0-CURRENT i386) X-Accept-Language: en, fr-FR MIME-Version: 1.0 To: security@freebsd.org Subject: natd + nmap ? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I just tried to scan a FreeBDS3.0 w/ natd, and it appears that using the -sU flag with nmap seems to completely lock natd at 100% cpu. Thus, there is no way to send any packet in or out of the gateway. I am right assuming this is a kind of DOS attack ? Is there any way to prevent this kind of thing to happen, like an option to natd to make it drop incoming packets when reaching a given load ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message