[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[6bone] Re: Internal Address Space


> Stephen Degler wrote:
> Please be more specific.  I believe that there are flaws in the
> implementations of statefull firewalls as there all in all things,
> but it is my impression that they are relatively secure from the
> design perspective.
> How exactly would this IE plugin work?

By initiating the traffic from the inside at both hosts, which opens a
temporary hole in the firewall to allow return traffic. A good example
of that kind of trick is Morpheus: People can pull mp3s from your RFC
1918 host crossing NAT and crossing a stateful firewall _without_ having
to punch a hole in the firewall and without static NAT configuration. I
think that teredo also allows to do the same. All these mechanisms are
based in contacting an agent outside; if that agent is listening on port
80 there is not much you can do to prevent your host talking to it.