From nobody@FreeBSD.ORG  Wed May 24 22:16:53 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 135F337B69B; Wed, 24 May 2000 22:16:53 -0700 (PDT)
Message-Id: <20000525051653.135F337B69B@hub.freebsd.org>
Date: Wed, 24 May 2000 22:16:53 -0700 (PDT)
From: drew0054@tc.umn.edu
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: crusty  natd  man pages
X-Send-Pr-Version: www-1.0

>Number:         18802
>Category:       docs
>Synopsis:       crusty  natd  man pages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 24 22:20:01 PDT 2000
>Closed-Date:    Tue Jun 27 10:05:59 PDT 2000
>Last-Modified:  Tue Jun 27 10:06:21 PDT 2000
>Originator:     Zachary K Drew
>Release:        4.0-20000430-STABLE
>Organization:
>Environment:
n/a
>Description:
The natd man pages should include a recommendation to use the
-unregistered_only flag when using natd to do internet connection sharing. Its not obvious to a large number of people that their natd box could be used to launch an attack with out their knowledge.

The opportunity to use this might seem rather rare, but as more and more people use natd on cable, dsl, and university dorm connections this become a greater problem.

Also, the instructions in the man page to set up natd could use some updating.
>How-To-Repeat:
man natd
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->alex 
Responsible-Changed-By: alex 
Responsible-Changed-When: Mon Jun 12 09:41:44 PDT 2000 
Responsible-Changed-Why:  
Mine! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18802 
State-Changed-From-To: open->feedback 
State-Changed-By: alex 
State-Changed-When: Wed Jun 14 07:30:48 PDT 2000 
State-Changed-Why:  
Hmm. 

Could you explain how people can use your natd to launch an attack this way, 
please? 

thanks! 

Alex 


http://www.freebsd.org/cgi/query-pr.cgi?pr=18802 
State-Changed-From-To: feedback->open 
State-Changed-By: alex 
State-Changed-When: Mon Jun 26 07:54:41 PDT 2000 
State-Changed-Why:  
I commited a similar fix to -CURRENT. 
However, natd.8 should first be cleaned up in the mdoc sense, so leave this 
open to remind me to also DO the work. 

Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18802 
Responsible-Changed-From-To: alex->ru 
Responsible-Changed-By: alex 
Responsible-Changed-When: Tue Jun 27 05:06:04 PDT 2000 
Responsible-Changed-Why:  
Ruslan might want to MFC it. 
Otherwise, it should be closed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18802 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Tue Jun 27 10:05:59 PDT 2000 
State-Changed-Why:  
MFC'ed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18802 
>Unformatted:
