From owner-freebsd-security Wed Jan 31 10: 6: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from flute.daconcepts.dyndns.org (wks-166-131-83.kscable.com [24.166.131.83])
    by hub.freebsd.org (Postfix) with ESMTP id 485F137B503
    for ; Wed, 31 Jan 2001 10:05:43 -0800 (PST)
Received: from localhost (natedac@localhost)
    by flute.daconcepts.dyndns.org (8.11.1/8.11.1) with ESMTP id f0VI5gk00828
    for ; Wed, 31 Jan 2001 12:05:42 -0600 (CST)
    (envelope-from natedac@kscable.com)
X-Authentication-Warning: flute.daconcepts.dyndns.org: natedac owned process doing -bs
Date: Wed, 31 Jan 2001 12:05:41 -0600 (CST)
From: Nate Dannenberg
X-Sender: natedac@flute.daconcepts.dyndns.org
To: freebsd-security@freebsd.org
Subject: NATD insecure / DoS?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Something I ran into today, which I think warrants a little checking into.

I have NATD set up and running a simple divert mechanism (with the kernel's help of course) for another computer on this machine's RS232 port. That other computer isn't what this message is about, however.

The IP address of this machine (which runs 4.2-Release), which is normally more or less static, changed yesterday. When that happened, I ended up without any Internet connectivity, and I think it was NATD's fault: ifconfig -a showed that I had an IP address (the new one), and dhclient was able to get the information it needs from the DHCP server without problems, but all other attempts to go out on the network failed (telnet, ping, www, napster, etc), and netstat -r refused to come up with any routing information. My only solution (before I realized the possible problem) was to shut down and reboot the computer.

On checking /var/log/messages, I saw a few of the usual DHCP requests, all of which looked normal, except for one in which my IP address had changed. It was at that point that I lost connectivity.

Does anyone else have this problem with NATD? Is there a solution?

--
natedac@kscable.com
http://home.kscable.com/natedac
C64/C128 - What's *YOUR* hobby?