From: Francisco Reyes
Date: Tue, 19 Jul 2005 19:05:04 -0400 (EDT)
To: olli@lurza.secnetix.de
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Trying to understand dynamic rules
Message-ID: <20050719185445.A47246@zoraida.natserv.net>

Oliver Fromme olli at lurza.secnetix.de wrote:

>It's possible, but it's probably _not_ a good idea, because
>an attacker can easily perform a denial-of-service attack
>against your machine. For example, he can make several
>connection attempts to your machine, using -- say -- the IP
>addresses of your DNS servers as source IPs

Thanks for the warning. Noted.

What would such a rule look like?
Although in this particular scenario I agree with you, I do think it may
be a useful rule to know.

Please CC since I am not on the list.