From owner-freebsd-stable  Wed Jan 23  0:27: 4 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.dev.itouchnet.net (devco.net [196.15.188.2])
	by hub.freebsd.org (Postfix) with ESMTP id 3150037B41B
	for <freebsd-stable@freebsd.org>; Wed, 23 Jan 2002 00:26:55 -0800 (PST)
Received: from nobody by mx1.dev.itouchnet.net with scanned_ok (Exim 3.33 #2)
	id 16TIlx-000Gyd-00
	for freebsd-stable@freebsd.org; Wed, 23 Jan 2002 10:28:45 +0200
Received: from shell.devco.net ([196.15.188.7])
	by mx1.dev.itouchnet.net with esmtp (Exim 3.33 #2)
	id 16TIlv-000GyI-00; Wed, 23 Jan 2002 10:28:43 +0200
Received: from bvi by shell.devco.net with local (Exim 3.33 #4)
	id 16TIpX-0006rS-00; Wed, 23 Jan 2002 10:32:27 +0200
Date: Wed, 23 Jan 2002 10:32:27 +0200
From: Barry Irwin <bvi@itouchlabs.com>
To: Tom <tom@uniserve.com>
Cc: "Robert D. Hughes" <rob@robhughes.com>,
	freebsd-stable@freebsd.org
Subject: Re: NATD, or another one I haven't seen before
Message-ID: <20020123103227.F32746@itouchlabs.com>
References: <B95B566BD245174196CA4EE29E5818831B6452@HEXCH01.robhughes.com> <Pine.BSF.4.10.10201221506250.61403-100000@athena.uniserve.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.10.10201221506250.61403-100000@athena.uniserve.ca>; from tom@uniserve.com on Tue, Jan 22, 2002 at 03:14:47PM -0800
X-Checked: This message has been scanned for any virusses and unauthorized attachments.
X-iScan-ID: 65259-1011774525-12232@mx1.dev.itouchnet.net version $Name: REL_2_0_2 $
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Tue 2002-01-22 (15:14), Tom wrote:
> 
>   Lots of unused IPs is a denial of service vunerability.  Port scanning them
> will generate a lot of ARP activity, and force your gateway to buffer a lot of
> traffic.  Unused networks should be removed off of router interfaces, and
> replaced with Null (blackhole) routes

Fully agreed, however some ISP's are rather slack and one ends up having an
arp-storm on the outside interface of your firewall :<  Not much I can
really think of to combat such a storm.  

In theory I suppose one could have a static arp entry to your defaultroute,
and then configure the interface not to arp, although I'm not sure if this
will prevent any handling of other systems arp traffic received on the
interface.

Barry

--
Barry Irwin		bvi@itouchlabs.com			+27214875150
Systems Administrator: Networks And Security
Itouch Labs 		http://www.itouchlabs.com		South Africa


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message