Date: Thu, 21 Aug 2014 13:57:22 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 192888] New: ipfw NAT vulnerable to simple DOS attacks Message-ID: <bug-192888-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192888 Bug ID: 192888 Summary: ipfw NAT vulnerable to simple DOS attacks Product: Base System Version: 9.2-RELEASE Hardware: Any OS: Any Status: Needs Triage Severity: Affects Many People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: napTu@front.ru ipfw NAT vulnerable to DOS attacks by sending ip packets to external ip address and any port. In this situation CPU usage goes to 100%. NAT should find a matched internal address, and, if not, skip the packet to external ip. This process (with failed search) take a many time and resources. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-192888-8>