Date: Tue, 22 Jan 2002 19:28:19 -0500
From: Bob K
To: Tom
Cc: "Robert D. Hughes", freebsd-stable@FreeBSD.ORG
Subject: Re: NATD, or another one I haven't seen before
Message-ID: <20020122192818.A42761@yip.org>

On Tue, Jan 22, 2002 at 03:14:47PM -0800, Tom wrote:
>
> Lots of unused IPs is a denial of service vulnerability. Port scanning them
> will generate a lot of ARP activity, and force your gateway to buffer a lot of
> traffic. Unused networks should be removed off of router interfaces, and
> replaced with Null (blackhole) routes

I don't know if it's been mentioned in this discussion before or not, but
http://www.hackbusters.net/LaBrea/ is designed specifically to protect
networks from that type of DoS.

(er, it's a Linux app - although it's reported to work on NetBSD)

--
Bob | Please don't feed the sock puppet.