[Dshield] BEFSX41 and a lot of hits

John Holmblad jholmblad at aol.com
Wed Jan 21 22:28:09 GMT 2004


It is my understanding that the Linksys router will not forward a UDP
packet from the WAN side to the LAN side unless it already has a NAT
port mapping that is either configured using the Port Forwarding
capability built into the Linksys router family, or set up automatically
as a result of the receipt of a UDP packet (e.g. DNS Query) in the
LAN=>WAN direction, in which case a temporary mapping gets set up with a
time-out value. In other words, although, as you recommend, it is a
good idea to block response to incoming Pings to the public IP address
of the router, it is not necessary to have this ping blocking feature
turned on in order for the router to drop UDP packets that are NOT in
response to an outgoing UDP packet on the same port. I believe that this
behavior is in conformance with the IETF RFCs on how NAT should operate
with respect to UDP packets.

Best Regards,


John Holmblad


Televerage International


(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388


www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net


text email address:         jholmblad at vtext.com
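
The UDP mapping behaviour described in the message above, modelled as an added example that is not part of the original post and is not Linksys firmware code. The `UdpNat` class, the 30-second timeout, and all addresses and ports are constructed assumptions; the model matches inbound packets on the WAN port only.

```python
# Toy model of a NAT router's UDP handling: inbound packets are forwarded only
# if a static port forward or an unexpired temporary mapping exists.
# Timeout, addresses and ports are constructed values, not Linksys defaults.
from dataclasses import dataclass, field

UDP_TIMEOUT = 30.0  # seconds; assumed lifetime of a temporary mapping


@dataclass
class UdpNat:
    # WAN port -> (LAN host, LAN port), configured via Port Forwarding
    forwards: dict = field(default_factory=dict)
    # WAN port -> (LAN host, LAN port, expiry), created by LAN=>WAN traffic
    dynamic: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_host, lan_port, now):
        """LAN=>WAN packet: create or refresh a temporary mapping."""
        for wan_port, (host, port, _) in self.dynamic.items():
            if (host, port) == (lan_host, lan_port):
                self.dynamic[wan_port] = (host, port, now + UDP_TIMEOUT)
                return wan_port
        wan_port = self.next_port
        self.next_port += 1
        self.dynamic[wan_port] = (lan_host, lan_port, now + UDP_TIMEOUT)
        return wan_port

    def inbound(self, wan_port, now):
        """WAN=>LAN packet: return the LAN destination, or None to drop."""
        if wan_port in self.forwards:
            return self.forwards[wan_port]
        entry = self.dynamic.get(wan_port)
        if entry is None:
            return None                     # unsolicited: no mapping exists
        host, port, expires = entry
        if now >= expires:
            del self.dynamic[wan_port]      # temporary mapping timed out
            return None
        return (host, port)


def demo():
    nat = UdpNat(forwards={27015: ("192.168.1.50", 27015)})
    results = [nat.inbound(12345, now=0.0)]                  # unsolicited
    wan_port = nat.outbound("192.168.1.10", 53000, now=1.0)  # DNS query out
    results.append(nat.inbound(wan_port, now=1.2))           # reply in time
    results.append(nat.inbound(wan_port, now=60.0))          # after timeout
    results.append(nat.inbound(27015, now=60.0))             # static forward
    return results
```

`demo()` returns the forwarding decision for each of the four inbound packets, with `None` meaning the packet is dropped.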
