Date: Wed, 23 Jan 2002 10:32:27 +0200
From: Barry Irwin <bvi@itouchlabs.com>
To: Tom <tom@uniserve.com>
Cc: "Robert D. Hughes" <rob@robhughes.com>, freebsd-stable@freebsd.org
Subject: Re: NATD, or another one I haven't seen before
Message-ID: <20020123103227.F32746@itouchlabs.com>
In-Reply-To: <Pine.BSF.4.10.10201221506250.61403-100000@athena.uniserve.ca>; from tom@uniserve.com on Tue, Jan 22, 2002 at 03:14:47PM -0800
References: <B95B566BD245174196CA4EE29E5818831B6452@HEXCH01.robhughes.com> <Pine.BSF.4.10.10201221506250.61403-100000@athena.uniserve.ca>
On Tue 2002-01-22 (15:14), Tom wrote:

> Lots of unused IPs is a denial of service vulnerability. Port scanning them
> will generate a lot of ARP activity, and force your gateway to buffer a lot of
> traffic. Unused networks should be removed off of router interfaces, and
> replaced with Null (blackhole) routes

Fully agreed, however some ISPs are rather slack and one ends up having an
ARP storm on the outside interface of your firewall :<

Not much I can really think of to combat such a storm. In theory I suppose one
could have a static ARP entry for your default route, and then configure the
interface not to ARP, although I'm not sure if this will prevent any handling
of other systems' ARP traffic received on the interface.

Barry

--
Barry Irwin bvi@itouchlabs.com +27214875150
Systems Administrator: Networks And Security
Itouch Labs http://www.itouchlabs.com South Africa
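As an added illustration of the failure mode discussed in this thread (not code from Barry, Tom or the FreeBSD project), the script below measures an ARP storm on an outside interface from `tcpdump -n arp`-style output, so that a firewall operator can tell a scan of an unused upstream range (many distinct `who-has` targets, high requests per second) from normal ARP chatter. The sample lines are constructed in the documentation range 192.0.2.0/24, the `arp who-has ... tell ...` line format is assumed to match what `tcpdump -n` prints for ARP requests, and the threshold value is an arbitrary example.

```shell
#!/bin/sh
# Added example, not part of the original thread.  Detects an ARP storm on
# an outside interface from tcpdump-style ARP lines read on stdin.

# Constructed sample in 'tcpdump -n -i fxp0 arp' style (format assumed).
# Five requests land in second 10:32:01, three in 10:32:02, one reply.
sample_arp_log() {
    cat <<'EOF'
10:32:01.100123 arp who-has 192.0.2.45 tell 192.0.2.1
10:32:01.100456 arp who-has 192.0.2.46 tell 192.0.2.1
10:32:01.100789 arp who-has 192.0.2.47 tell 192.0.2.1
10:32:01.101012 arp who-has 192.0.2.48 tell 192.0.2.1
10:32:01.101345 arp who-has 192.0.2.49 tell 192.0.2.1
10:32:01.250000 arp reply 192.0.2.2 is-at 00:00:5e:00:53:01
10:32:02.100123 arp who-has 192.0.2.50 tell 192.0.2.1
10:32:02.100456 arp who-has 192.0.2.51 tell 192.0.2.1
10:32:02.100789 arp who-has 192.0.2.45 tell 192.0.2.1
EOF
}

# Peak number of ARP requests seen in any single one-second window.
# Field 1 is the timestamp HH:MM:SS.usec; only 'who-has' lines count.
peak_arp_per_second() {
    awk '
        BEGIN { peak = 0 }
        /arp who-has/ {
            sec = substr($1, 1, 8)
            count[sec]++
            if (count[sec] > peak) peak = count[sec]
        }
        END { print peak }
    '
}

# Number of distinct addresses being asked for.  A scan of an unused range
# shows many distinct targets; a few busy hosts show only a handful.
distinct_arp_targets() {
    awk '
        BEGIN { n = 0 }
        /arp who-has/ { if (!($4 in seen)) { seen[$4] = 1; n++ } }
        END { print n }
    '
}

# Exit 0 when the peak request rate reaches the threshold (default 100/s,
# an arbitrary example value), nonzero otherwise.  Reads the log on stdin.
arp_storm_detected() {
    threshold=${1:-100}
    peak=$(peak_arp_per_second)
    [ "$peak" -ge "$threshold" ]
}

# Demo run over the constructed sample.
if sample_arp_log | arp_storm_detected 5; then
    echo "ARP storm: peak $(sample_arp_log | peak_arp_per_second) req/s," \
         "$(sample_arp_log | distinct_arp_targets) distinct targets"
else
    echo "ARP rate within threshold"
fi
```

In practice the log would come from `tcpdump -n -i <outside-if> arp | peak_arp_per_second` rather than the embedded sample. On the mitigation side, the static entry and no-ARP interface Barry describes correspond on FreeBSD to `arp -s <gateway-ip> <gateway-mac>` followed by `ifconfig <outside-if> -arp`; that stops the firewall from sending or answering ARP, but the broadcast frames still arrive on the wire, so measuring the rate as above is the only way to confirm whether the load on the interface actually dropped.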