However, the gateway is only a hop point. Even in a DNAT network, if you allow an external device through the firewall, it will not have the gateways address.
I guess that most systems which currently are systematically attacked simply forward port 900x on their router to LMS. In this case the incoming IP address would be the gateway's.
I know the current code is far from perfect. But it certainly covers many of the cases I've seen so far. I do know there are already installations out there which take advantage of this slightly improved default behaviour.
Please note that I did NOT implement this to make publishing your LMS to the world more safe. I'm still saying: don't do it. But I know that many users did it out of some need, or ignorance. And many of them are not aware of the problem. In these cases new LMS at least does provide a minimum more protection than before.
-- Michael _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/discuss
