Re[2]: icmp problem

Board: FB_security | Time: 2005/05/13 14:04
Hello.

Another possible solution came to my mind this morning :)

ICMP doesn't have ports like TCP and UDP do, but it does have the contents of the ICMP packets ;)

What if the contents of the ICMP Echo Request, sent by the gateway to the Internet, are for example equal to:

SHA1 ( original private src_ip + some (constant) garbage )

It can be used like a NAT "port-table" by a "special" ping utility: the real "private" sender gets all expected ICMP Replies. Such a ping utility might be found or created. It would work with natd or with Netgraph (or with both :) ).

AW> I would guess, that ICMP packets do not have a port number (just a
AW> request/response id), so that the NAT cannot distinguish multiple
AW> ICMP packet sources (I mean: The response from the ICMP requestee
AW> cannot be mapped back to the appropriate ICMP requester).
AW> Hmm... I just think, that (if you have multiple ICMP requestees)
AW> the NAT could be able to map back the ICMP requester IP by the IP
AW> of the ICMP requestee. But I do not know, how your router works...
AW> Maybe your computer-pool could elect an ICMP-master, who
AW> coordinates all the ICMP traffic through the NAT.
AW> Bye
AW> Arne

--
Best regards,
Danil V. Gerun.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #12X4DO00 (FB_security)
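The payload-tag mapping proposed in the message above, as an added Python sketch that is not part of the original post and not natd or Netgraph code. The `Gateway` class, the helper names and the `SECRET` value are assumptions made for illustration; it shows two private hosts that send the same ICMP id and sequence number still being told apart when the replies come back.

```python
import hashlib, ipaddress, struct

SECRET = b"constant-garbage"  # constructed stand-in for the post's "(constant) garbage"

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    head = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(head + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def tag_for(private_ip: str) -> bytes:
    # SHA1(original private src_ip + constant garbage), as proposed in the post
    return hashlib.sha1(ipaddress.IPv4Address(private_ip).packed + SECRET).digest()

class Gateway:
    """Hypothetical NAT helper: demultiplexes Echo Replies by payload tag."""
    def __init__(self):
        self.table = {}  # tag -> private source IP (the "port-table")

    def outbound(self, private_ip: str, request: bytes) -> bytes:
        icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
        if icmp_type != 8:
            raise ValueError("not an Echo Request")
        tag = tag_for(private_ip)
        self.table[tag] = private_ip
        # The original payload is replaced, hence the need for a "special" ping.
        return build_icmp(8, ident, seq, tag)

    def inbound(self, reply: bytes):
        # Drop anything that is not a well-formed Echo Reply carrying a known tag.
        if len(reply) < 28 or reply[0] != 0 or checksum(reply) != 0:
            return None
        return self.table.get(reply[8:28])

def echo_reply(request: bytes) -> bytes:
    """What the pinged host does: mirror id, sequence and payload as type 0."""
    _, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    return build_icmp(0, ident, seq, request[8:])
```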