[Bug 192888] ipfw NAT vulnerable to simple DOS attacks
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Sep 20 11:26:08 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192888
lutz at donnerhacke.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |lutz at donnerhacke.de
--- Comment #2 from lutz at donnerhacke.de ---
It seems that the problems still exists:
(Articles in German)
https://lutz.donnerhacke.de/Blog/Performance-Probleme-mit-NAT
https://lutz.donnerhacke.de/Blog/Wenn-der-Traceroute-Kreise-tanzt
It's a variant of the LAND attack https://en.wikipedia.org/wiki/LAND.
My solution is to use ipfw (which is used to activate NAT) to drop incoming
packets sourced from the public NAT IP. So simple antispoofing.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ipfw
mailing list