Date: Sun, 15 Feb 2004 12:19:18 +0300
From: "Oleg Y. Ivanov" <freebsd@dwec.ru>
To: <freebsd-ipfw@freebsd.org>
Subject: Re: Strange leakage of private source addresses w/ipfw and natd
Message-ID: <006f01c3f3a4$cd109cf0$0305a8c0@oivanovmob>
References: <3F833434.5090506@tenebras.com> <ekx0paff.fsf@ID-23066.news.dfncis.de> <020201c39c6e$5f0fea40$080ba8c0@admin> <oes1amix.fsf@ID-23066.news.dfncis.de>
Ok - it should be blocked, and it is blocked.
But some ICMP packets (more precisely, ICMP unreach messages) somehow are
passed to the world unaltered from time to time. So actually it's not a
bad ipfw ruleset issue, but natd itself.
> * 2003-10-27 freebsd@dwec.ru:
> > Ok, maybe not THAT important but definitely a Bad Surprise. Here's
> > the sample (and in current configuration only ICMP packets from time
> > to time are being passed through unaltered):
> > snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 ->
> > 208.115.104.193
> > [**] POSSIBLE address leakage - ICMP [**]
> ICMP is connectionless, so anybody can ping/traceroute/whatever your
> machine if you don't block those private IPs, and this is what people
> usually do.
>
> clemens
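The condition the snort alert in this thread reports, a private (RFC1918) source address heading for a public destination on the outside of natd, written as a standalone check over alert lines in the quoted format. This is an added example, not code from the thread or from snort; the alert lines are constructed, and all addresses except the quoted pair are assumed.

```python
"""Flag RFC1918 source addresses escaping to global destinations, i.e. the
packets that natd should have rewritten but did not. Added example; the alert
lines and all addresses except 192.168.5.2 -> 208.115.104.193 are constructed."""
import ipaddress
import re

# Matches the snort alert shape quoted in the thread:
# "[1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 -> 208.115.104.193"
ALERT_RE = re.compile(
    r"\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample: line 1 and line 4 are real leaks, line 2 stays inside the
# private LAN, line 3 already carries a public (translated) source.
SAMPLE_ALERTS = """\
[1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 -> 208.115.104.193
[1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 -> 192.168.5.1
[1:0:0] POSSIBLE address leakage - ICMP {ICMP} 208.115.104.194 -> 208.115.104.193
[1:0:0] POSSIBLE address leakage - ICMP {ICMP} 10.0.0.9 -> 208.115.104.5
"""


def parse_alert(line):
    """Return proto/src/dst from one alert line, or None if it does not match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {"proto": m.group("proto"),
            "src": ipaddress.ip_address(m.group("src")),
            "dst": ipaddress.ip_address(m.group("dst"))}


def is_leak(src, dst):
    """A leak is a private source bound for a global destination: after natd the
    external interface should never carry such a source, ICMP errors included."""
    return src.is_private and dst.is_global


def find_leaks(text):
    """Scan alert text and return (proto, src, dst) tuples for every leak."""
    leaks = []
    for line in text.splitlines():
        a = parse_alert(line)
        if a and is_leak(a["src"], a["dst"]):
            leaks.append((a["proto"], str(a["src"]), str(a["dst"])))
    return leaks
```

Running the same check on your own alert file shows whether only ICMP (as the poster observed) or other protocols as well are escaping untranslated.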
