From: "Oleg Y. Ivanov"
Date: Sun, 15 Feb 2004 12:19:18 +0300
Subject: Re: Strange leakage of private source addresses w/ipfw and natd
List-Id: IPFW Technical Discussions

Ok - it should be blocked and it is blocked. But some ICMP packets (more
precisely - ICMP unreach messages) somehow are passed to the World not
altered from time to time. So actually it's not the bad ipfw ruleset issue,
but NATd itself.

> * 2003-10-27 freebsd@dwec.ru:
> > Ok, maybe not THAT important but definitely a Bad Surprise. Here's
> > the sample (and in current configuration only ICMP packets from time
> > to time are being passed through unaltered):
> > snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 -> 208.115.104.193
> > [**] POSSIBLE address leakage - ICMP [**]
> ICMP is connectionless, so anybody can ping/traceroute/whatever your
> machine if you don't block those private IPs, and this is what people
> usually do.
>
> clemens
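
The leak described in this message can be checked for in captures taken on the external side of the gateway. The following is an added example, not part of the original post: a Python checker that looks for RFC 1918 addresses in both the outer IPv4 header and the IP header quoted inside an ICMP error, which NAT also has to rewrite. The function names and the gateway address 203.0.113.10 are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ICMP_ERRORS = {3, 4, 5, 11, 12}  # ICMP types that embed the offending datagram's IP header

def is_rfc1918(raw):
    return any(ipaddress.ip_address(raw) in net for net in RFC1918)

def parse_ipv4(buf):
    """Return (protocol, src, dst, payload) or None if this is not a complete IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    return buf[9], buf[12:16], buf[16:20], buf[ihl:]

def leaked_addresses(packet):
    """Private addresses visible in a packet captured on the external (post-NAT) side."""
    outer = parse_ipv4(packet)
    if outer is None:
        return []
    proto, src, _dst, payload = outer
    found = [("outer-src", src)] if is_rfc1918(src) else []
    # An ICMP error carries the original IP header right after its own 8-byte header.
    if proto == 1 and len(payload) >= 8 and payload[0] in ICMP_ERRORS:
        inner = parse_ipv4(payload[8:])
        if inner is not None:
            found += [(label, raw) for label, raw in
                      (("inner-src", inner[1]), ("inner-dst", inner[2])) if is_rfc1918(raw)]
    return [(label, str(ipaddress.ip_address(raw))) for label, raw in found]

def build_ipv4(src, dst, proto, payload):
    """Build a constructed sample packet (checksum left at 0; the checker ignores it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def port_unreachable(outer_src, outer_dst, inner_src, inner_dst):
    """ICMP type 3 code 3 quoting a UDP datagram inner_src -> inner_dst (constructed)."""
    quoted = build_ipv4(inner_src, inner_dst, 17, bytes(8))
    return build_ipv4(outer_src, outer_dst, 1, struct.pack("!BBHI", 3, 3, 0, 0) + quoted)

# Constructed samples: 192.168.5.2 and 208.115.104.193 are from the alert quoted above;
# 203.0.113.10 is a documentation address standing in for the gateway's public IP.
UNTRANSLATED = port_unreachable("192.168.5.2", "208.115.104.193", "208.115.104.193", "192.168.5.2")
TRANSLATED = port_unreachable("203.0.113.10", "208.115.104.193", "208.115.104.193", "203.0.113.10")
```

An empty result for a packet means neither header exposes an internal address; an `inner-dst` hit without `outer-src` means only the outer header was translated.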