Re: NATD insecure / DoS?

From: Nate Dannenberg (natedac@kscable.com)
Date: 01/31/01


Date: Wed, 31 Jan 2001 12:20:17 -0600 (CST)
From: Nate Dannenberg <natedac@kscable.com>
To: freebsd-security@FreeBSD.ORG


> My only solution (before I realized the possible problem) was to shut down
> and reboot the computer. On checking /var/log/messages, I saw a few of
> the usual DHCP requests, all of which looked normal, except for one in
> which my IP address had changed. It was at that point that I lost
> connectivity.
>
> Does anyone else have this problem with NATD? Is there a solution?

What I forgot to mention is that before I rebooted, I checked things out
with tcpdump, which showed a lot of activity from my previous IP address,
even though attempts to reach that address, either from this box in
question or another person's machine located 20 miles away (I phoned him),
by any method (ping, telnet, ftp) failed.

That person also tried reaching my machine by the IP address ifconfig said
I had, and he received no data back once connected either by FTP or
telnet, however he was getting responses to PING requests.

Did NATD take a dive when my IP address changed?

-- 
 ___________________________________  _____  _____
|                                   _///@@@|      |
| natedac@kscable.com              /'//ZZ@@|____  |
|                                 |'''/    |'/@7  |
| http://home.kscable.com/natedac |`'|     `~~'   |
|                                 | `|     .--.   |
| C64/C128 - What's *YOUR* hobby? |  `\____|___\  |
|                                  \_      |      |
|___________________________________ \_____| _____|
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message