Strange leakage of private source addresses w/ipfw and natd

Clemens Fischer ino-qc at spotteswoode.dnsalias.org
Sat Feb 14 05:30:24 PST 2004


* 2003-10-27 freebsd at dwec.ru:

> Ok, maybe not THAT important but definitely a Bad Surprise.  Here's
> the sample (and in current configuration only ICMP packets from time
> to time are being passed through unaltered):
>
> snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 ->
> 208.115.104.193
> [**] POSSIBLE address leakage - ICMP [**]

ICMP is connectionless, so anybody can ping/traceroute/whatever your
machine if you don't block those private IPs, and this is what people
usually do.

  clemens
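Added example, not part of the original thread: a small Python check that reads snort alert lines in the format quoted above and reports which RFC 1918 sources reached a non-private destination, grouped by protocol. It assumes the sensor sees traffic after natd on the external side; every sample line except the first is constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; checked explicitly rather than via is_private,
# which also covers loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches the "{PROTO} src[:port] -> dst[:port]" tail of a snort alert line.
ALERT_RE = re.compile(
    r"\{(?P<proto>[A-Za-z0-9_-]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?")

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def find_leaks(lines):
    """Return (proto, src, dst) for alerts with a private source and a non-private destination."""
    leaks = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # octet out of range, not a usable address
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks.append((m["proto"].upper(), str(src), str(dst)))
    return leaks

def summarize(leaks):
    """Count leaks per (protocol, source) to show which host and traffic type escapes NAT."""
    return Counter((proto, src) for proto, src, _ in leaks)

# Sample input: the first line is the alert quoted above (re-joined); the rest are constructed.
SAMPLE = [
    "snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 -> 208.115.104.193",
    "snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 -> 198.51.100.7",
    "snort: [1:0:0] sample alert {TCP} 192.168.5.3:1025 -> 192.168.5.1:80",
    "snort: [1:0:0] sample alert {UDP} 203.0.113.9:53 -> 192.168.5.2:1030",
    "snort: [1:0:0] sample alert {TCP} 10.1.2.3:4000 -> 203.0.113.9:25",
]

if __name__ == "__main__":
    for (proto, src), n in summarize(find_leaks(SAMPLE)).items():
        print(f"{src} leaked {n} {proto} packet(s) unaltered")
```

A per-protocol count makes it easy to confirm a report like the one quoted, where only ICMP packets pass through unaltered.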



More information about the freebsd-ipfw mailing list