Strange leakage of private source addresses w/ipfw and natd
Oleg Y. Ivanov
freebsd at dwec.ru
Sun Feb 15 01:19:36 PST 2004
Ok - it should be blocked and it is blocked.
But some ICMP packets (more precisely - ICMP unreach messages) somehow are
passed to the World not altered from time to time. So actually it's not the
bad ipfw ruleset issue, but NATd itself.
> * 2003-10-27 freebsd at dwec.ru:
> > Ok, maybe not THAT important but definitely a Bad Surprise. Here's
> > the sample (and in current configuration only ICMP packets from time
> > to time are being passed through unaltered):
> > snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 ->
> > 208.115.104.193
> > [**] POSSIBLE address leakage - ICMP [**]
> ICMP is connectionless, so anybody can ping/traceroute/whatever your
> machine if you don't block those private IPs, and this is what people
> usually do.
>
> clemens
>
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
>
More information about the freebsd-ipfw
mailing list