From owner-freebsd-security  Wed Jan 31 10:20:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from flute.daconcepts.dyndns.org (wks-166-131-83.kscable.com [24.166.131.83])
	by hub.freebsd.org (Postfix) with ESMTP id BAA6037B503
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 Jan 2001 10:20:21 -0800 (PST)
Received: from localhost (natedac@localhost)
	by flute.daconcepts.dyndns.org (8.11.1/8.11.1) with ESMTP id f0VIKHO00857
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 Jan 2001 12:20:21 -0600 (CST)
	(envelope-from natedac@kscable.com)
X-Authentication-Warning: flute.daconcepts.dyndns.org: natedac owned process doing -bs
Date: Wed, 31 Jan 2001 12:20:17 -0600 (CST)
From: Nate Dannenberg <natedac@kscable.com>
X-Sender: natedac@flute.daconcepts.dyndns.org
To: freebsd-security@FreeBSD.ORG
Subject: Re: NATD insecure / DoS?
In-Reply-To: <Pine.BSF.4.21.0101311157460.798-100000@flute.daconcepts.dyndns.org>
Message-ID: <Pine.BSF.4.21.0101311215170.798-100000@flute.daconcepts.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> My only solution (before I realized the possible problem) was to shut down
> and reboot the computer.  On checking /var/log/messages, I saw a few of
> the usual DHCP requests, all of which looked normal, except for one in
> which my IP address had changed.  It was at that point that I lost
> connectivity.
> 
> Does anyone else have this problem with NATD?  Is there a solution?

What I forgot to mention is that before I rebooted, I checked things out
with tcpdump, which showed a lot of activity from my previous IP address,
even though attempts to reach that address, either from this box in
question or another person's machine located 20 miles away (I phoned him),
by any method (ping, telnet, ftp) failed.

That person also tried reaching my machine by the IP address ifconfig said
I had, and he received no data back once connected either by FTP or
telnet, however he was getting responses to PING requests.

Did NATD take a dive when my IP address changed?

-- 
 ___________________________________  _____  _____
|                                   _///@@@|      |
| natedac@kscable.com              /'//ZZ@@|____  |
|                                 |'''/    |'/@7  |
| http://home.kscable.com/natedac |`'|     `~~'   |
|                                 | `|     .--.   |
| C64/C128 - What's *YOUR* hobby? |  `\____|___\  |
|                                  \_      |      |
|___________________________________ \_____| _____|




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message