Re: 2.0.36: ip_masqurade and stealth scan DoS

Paul Rusty Russell (
Tue, 09 Mar 1999 06:43:09 +1130

In message <> you writ
> Hi,
> We have a problem with ip_masquerading set up as a firewall. When someone
> runs a stealth scan from the masqueraded net to the outside net, it will
> very fast consume all available masquerade ports. The result is a nasty
> DoS for all addresses on the masqueraded net.

Take a baseball bat to the stealth-scanning motherfucker, and the
problem will be resolved.

There are several possible DOS attacks from INSIDE a NAT host. Fixing
this one doesn't win much.

Trust me on the baseball bat,

 .sig lost in the mail.
