[Dshield] BEFSX41 and a lot of hits

Doug Douglass hostmaster at denverdata.com
Thu Jan 22 17:57:09 GMT 2004

On Wednesday 21 January 2004 03:28 pm, John Holmblad wrote:
> Doug,
> it is my understanding that the Linksys router will not forward a UDP
> packet from the WAN side to the LAN side unless it already has a NAT
> port mapping that is either configured using the Port Forwarding
> capability built into the Linksys router family,  or, automatically, as
> a result of  the receipt of  a UDP packet (e.g. DNS Query) in the
> LAN=>WAN direction, in which case a temporary mapping gets set up with a
> time-out value. In other words, although, as you recommend,  it is a
> good  idea to block response to incoming Pings to the public IP address
> of the router, it is not necessary to have this  ping blocking feature
> turned on in order for the router to drop UDP packets that are NOT in
> response to an outgoing UDP packet on the same port. I believe that this
> behavior is in conformance with the IETF RFC's on how NAT should operate
> with respect to UDP packets.


You may very well be correct. I have a comment in my personal notes to the 
contracy but didn't document/can't recall the source (perhaps in the list 
archives?). Perhaps I'm confusing issues with older firmware versions.

More information about the list mailing list