Date: Mon, 30 Sep 2002 11:55:23 -0300
From: "Daniel C. Sobral" <dcs@tcoip.com.br>
To: ipfw@freebsd.org
Subject: Static NAT
Message-ID: <3D9865DB.5040902@tcoip.com.br>
I discovered a nasty problem with the way 1-1 NAT is performed with ipfw
atm (i.e., divert through natd). The problem is that, because a socket is
used for this NAT, the firewall becomes vulnerable to DoS attacks
directed to such hosts.
Since static 1-1 NAT is pretty straightforward, it could be done in the
kernel-side of ipfw itself, thus avoiding this problem.
Anyone have thoughts on the subject?
--
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Phones: 55-61-313-7654/Cell: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Others:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
The surest sign that a man is in love is when he divorces his wife.
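
The message above argues that static 1-1 NAT is simple enough to do without a divert socket. As an added illustration (not part of the original message, and not ipfw or natd code), this C example shows why: the translation needs no per-connection state, only an address swap and an incremental checksum fix. The names `static_nat`, `struct map` and the sample addresses are assumptions made for the example; it handles the IPv4 header only, and TCP/UDP checksums, which cover the addresses through the pseudo-header, need the same adjustment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One static mapping; addresses are constructed documentation/RFC 1918 samples. */
struct map { uint8_t pub[4], priv[4]; };
static const struct map M = { {203, 0, 113, 10}, {192, 168, 1, 10} };
#define W16(p) ((uint16_t)((p)[0] << 8 | (p)[1]))   /* big-endian 16-bit load */

/* Fold carries and complement: the final step of the Internet checksum. */
static uint16_t fold(uint32_t s)
{
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* RFC 1071 checksum; yields 0 over a header whose stored checksum is valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += W16(h + i);
    return fold(sum);
}

/* Stateless 1:1 NAT on an IPv4 header: inbound rewrites dst pub->priv,
 * outbound rewrites src priv->pub. The checksum is patched incrementally
 * (RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')). Returns 1 if translated. */
static int static_nat(uint8_t *ip, size_t len, int inbound, const struct map *m)
{
    size_t off = inbound ? 16 : 12;               /* dst or src field */
    const uint8_t *from = inbound ? m->pub : m->priv;
    const uint8_t *to = inbound ? m->priv : m->pub;
    if (len < 20 || (ip[0] >> 4) != 4 || memcmp(ip + off, from, 4) != 0)
        return 0;                                 /* not ours: pass untouched */
    uint16_t hc = W16(ip + 10);
    for (size_t i = 0; i < 4; i += 2)
        hc = fold((uint32_t)(uint16_t)~hc + (uint16_t)~W16(ip + off + i) + W16(to + i));
    memcpy(ip + off, to, 4);
    ip[10] = hc >> 8; ip[11] = hc & 0xff;
    return 1;
}

int main(void)
{
    uint8_t p[20] = {0x45,0,0,20, 0,0,0,0, 64,17,0,0, 198,51,100,7, 203,0,113,10};
    uint16_t c = ip_cksum(p, 20);                 /* constructed inbound header */
    p[10] = c >> 8; p[11] = c & 0xff;
    int hit = static_nat(p, 20, 1, &M);
    printf("translated=%d dst=%u.%u.%u.%u valid=%d\n", hit, p[16], p[17], p[18], p[19], ip_cksum(p, 20) == 0);
}
```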
