ipfw NAT is vulnerable to DoS attacks by sending IP packets to the external IP address and any port.
In this situation CPU usage goes to 100%.
NAT should find a matching internal address and, if not, skip the packet to the external IP.
This process (with a failed search) takes a lot of time and resources.
Could you add some more detail or steps to reproduce? If this issue still exists in FreeBSD I would be very interested in fixing it. If I don't get any response in the next few months I will close this issue.
It seems that the problem still exists:
(Articles in German)
It's a variant of the LAND attack (https://en.wikipedia.org/wiki/LAND).
My solution is to use ipfw (which is used to activate NAT anyway) to drop incoming packets sourced from the public NAT IP. So, simple antispoofing.
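The antispoofing approach described in the comment above, written out as an added example (not taken from the bug report or from FreeBSD's own configuration files). The interface name `em0`, the public address `203.0.113.5` and the internal network `192.168.1.0/24` are constructed placeholders. The script prints the ipfw commands by default so the ruleset can be reviewed; the key point it shows is ordering: the deny rules carry lower rule numbers than the `nat` rule, so a packet claiming the box's own public address is dropped before the NAT lookup ever runs.

```shell
#!/bin/sh
# Added example (not from the bug report): ipfw ruleset that drops inbound
# packets whose source is the NAT host's own public address before they
# reach the nat rule. All addresses and the interface are placeholders.

EXT_IF="${EXT_IF:-em0}"                # assumed external interface
EXT_IP="${EXT_IP:-203.0.113.5}"        # assumed public NAT address (placeholder)
INT_NET="${INT_NET:-192.168.1.0/24}"   # assumed internal network behind the NAT

# Emit the ipfw commands instead of running them, so the ruleset can be
# inspected first. Rule numbers decide evaluation order: 100-120 (deny)
# run before 200 (nat).
gen_antispoof_rules() {
    ext_if=$1; ext_ip=$2; int_net=$3
    cat <<EOF
ipfw -q nat 1 config if $ext_if same_ports reset
ipfw -q add 100 deny ip from $ext_ip to any in recv $ext_if
ipfw -q add 110 deny ip from $int_net to any in recv $ext_if
ipfw -q add 120 deny ip from 127.0.0.0/8 to any in recv $ext_if
ipfw -q add 200 nat 1 ip from any to any via $ext_if
ipfw -q add 65000 allow ip from any to any
EOF
}

# Sanity check on the generated ruleset: count how many deny rules are
# numbered ahead of the nat rule (every antispoof drop must precede it).
count_deny_before_nat() {
    gen_antispoof_rules "$@" | awk '
        /^ipfw -q add [0-9]+ deny/ { n++ }
        /^ipfw -q add [0-9]+ nat/  { print n; exit }'
}

# APPLY=1 feeds the commands to the shell on the FreeBSD host; otherwise
# the ruleset is only printed for review.
if [ "${APPLY:-0}" = "1" ]; then
    gen_antispoof_rules "$EXT_IF" "$EXT_IP" "$INT_NET" | sh
else
    gen_antispoof_rules "$EXT_IF" "$EXT_IP" "$INT_NET"
fi
```

The rule at 100 is the one the comment describes (drop inbound traffic sourced from the public NAT IP); rules 110 and 120 extend the same idea to the internal and loopback ranges, which should likewise never arrive on the external interface from outside.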