[Bug 192888] New: ipfw NAT vulnerable to simple DOS attacks

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Aug 21 13:57:22 UTC 2014


            Bug ID: 192888
           Summary: ipfw NAT vulnerable to simple DOS attacks
           Product: Base System
           Version: 9.2-RELEASE
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: napTu at front.ru

ipfw NAT vulnerable to DOS attacks by sending ip packets to external ip address
and any port.
In this situation CPU usage goes to 100%.

NAT should find a matched internal address, and, if not, skip the packet to
external ip.

This process (with failed search) take a many time and resources.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list