Date: Mon, 30 Sep 2002 11:55:23 -0300 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: ipfw@freebsd.org Subject: Static NAT Message-ID: <3D9865DB.5040902@tcoip.com.br>
next in thread | raw e-mail | index | archive | help
I discovered a nasty problem with the way 1-1 NAT is performed with ipfw atm (ie, divert throw natd). The problem is that, because a socket is used for this nat, the firewall becomes vulnerable to DoS attacks directed to such hosts. Since static 1-1 NAT is pretty straightforward, it could be done in the kernel-side of ipfw itself, thus avoiding this problem. Anyone have thoughts on the subject? -- Daniel C. Sobral (8-DCS) Gerencia de Operacoes Divisao de Comunicacao de Dados Coordenacao de Seguranca TCO Fones: 55-61-313-7654/Cel: 55-61-9618-0904 E-mail: Daniel.Capo@tco.net.br Daniel.Sobral@tcoip.com.br dcs@tcoip.com.br Outros: dcs@newsguy.com dcs@freebsd.org capo@notorious.bsdconspiracy.net The surest sign that a man is in love is when he divorces his wife. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D9865DB.5040902>