Date: Tue, 22 Jan 2002 19:28:19 -0500
From: Bob K <melange@yip.org>
To: Tom <tom@uniserve.com>
Cc: "Robert D. Hughes" <rob@robhughes.com>, freebsd-stable@FreeBSD.ORG
Subject: Re: NATD, or another one I haven't seen before
Message-ID: <20020122192818.A42761@yip.org>
In-Reply-To: <Pine.BSF.4.10.10201221506250.61403-100000@athena.uniserve.ca>; from tom@uniserve.com on Tue, Jan 22, 2002 at 03:14:47PM -0800
References: <B95B566BD245174196CA4EE29E5818831B6452@HEXCH01.robhughes.com> <Pine.BSF.4.10.10201221506250.61403-100000@athena.uniserve.ca>

On Tue, Jan 22, 2002 at 03:14:47PM -0800, Tom wrote:
>
> Lots of unused IPs is a denial of service vulnerability. Port scanning them
> will generate a lot of ARP activity, and force your gateway to buffer a lot of
> traffic. Unused networks should be removed off of router interfaces, and
> replaced with Null (blackhole) routes

I don't know if it's been mentioned in this discussion before or not, but
http://www.hackbusters.net/LaBrea/ is designed specifically to protect
networks from that type of DoS.

(er, it's a Linux app - although it's reported to work on NetBSD)

--
Bob <melange@yip.org> | Please don't feed the sock puppet.