Trying to understand dynamic rules
lists at natserv.com
Tue Jul 19 23:05:06 GMT 2005
Oliver Fromme olli at lurza.secnetix.de wrote:
>It's possible, but it's probably _not_ a good idea, because
>an attacker can easily perform a denial-of-service attack
>against your machine. For example, he can make several
>connection attempts to your machine, using -- say -- the IP
>addresses of your DNS servers as source IPs
Thanks for the warning. Noted.
How would such a rule look like?
Although in this particular scenario I agree with you I do think it may be
a usefull rule to know.
Please CC since I am not on the list.
More information about the freebsd-ipfw