[OpenSER-Devel] SF.net SVN: openser: [2753] trunk/modules/nathelper

Dan Pascu dan at ag-projects.com
Thu Sep 13 12:26:33 CEST 2007


On Thursday 13 September 2007, Juha Heinanen wrote:
> Bogdan-Andrei Iancu writes:
>  > Are you referring to the pending patch for spoofing the source of
>  > the ping (to a non local IP).
>
> i didn't remember that there was such a pending patch, but, yes, i was
> thinking about spoofing the source address/port to correspond those of
> a load balancer in front of the proxies.

One problem with this is that most of the internet service providers will 
block IP packets that have a source address not in the originating 
network to limit DOS attacks and other security related problems.
As a consequence, this will only work if the spoofed address is in the 
same LAN with the proxy, but it will almost certainly fail if your load 
balancer is in another location.

-- 
Dan



More information about the Devel mailing list