Re: 2.0.36: ip_masqurade and stealth scan DoS

Paul Fulghum (paulkf@microgate.com)
Wed, 10 Mar 1999 10:53:43 -0600


-----Original Message-----
From: Paul Rusty Russell <Paul.Russell@rustcorp.com.au>
To: Daniel Ryde <ryde@tripnet.se>
Cc: Linux Kernel <linux-kernel@vger.rutgers.edu>
Date: Tuesday, March 09, 1999 11:55 PM
Subject: Re: 2.0.36: ip_masqurade and stealth scan DoS

>In message <Pine.LNX.3.96.990308095449.23918D-100000@hobbe.tripnet.se> you write:
>> Hi,
>>
>> We have a problem with ip_masqurading set up as a firewall. When someone
>> runs a stealth scan from the masqueraded net to the outside net, it will
>> very fast consume all available masquerade ports. The result is a nasty
>> DoS for all addresses on the masqueraded net.
>
>Take a baseball bat to the stealth-scanning motherfucker, and the
>problem will be resolved.
>
>There are several possible DOS attacks from INSIDE a NAT host. Fixing
>this one doesn't win much.
>
>Trust me on the baseball bat,
>Rusty.
>--
> .sig lost in the mail.

Make sure to leave the bat with the body so it looks like a suicide :)

Paul Fulghum, paulkf@microgate.com
Microgate Corporation
9501 Capital of TX Hwy
Austin, TX 78759
(512)-345-7791
