Strange leakage of private source addresses w/ipfw and natd

Clemens Fischer ino-qc at
Sat Feb 14 05:30:24 PST 2004

* 2003-10-27 freebsd at

> Ok, maybe not THAT important but definitely a Bad Surprise.  Here's
> the sample (and in current configuration only ICMP packets from time
> to time are being passed through unaltered):
> snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} ->
> [**] POSSIBLE address leakage - ICMP [**]

ICMP is connectionless, so anybody can ping/traceroute/whatever your
machine if you don't block those private IPs, and this is what people
usually do.


More information about the freebsd-ipfw mailing list