
[6bone] Re: Internal Address Space



Stephen,

> Stephen Degler wrote:
> Please be more specific.  I believe that there are flaws in the
> implementations of stateful firewalls, as there are in all things,
> but it is my impression that they are relatively secure from the
> design perspective.
> How exactly would this IE plugin work?

By initiating the traffic from the inside at both hosts, which opens a
temporary hole in the firewall to allow return traffic. A good example
of that kind of trick is Morpheus: People can pull mp3s from your RFC
1918 host crossing NAT and crossing a stateful firewall _without_ having
to punch a hole in the firewall and without static NAT configuration. I
think that Teredo also allows doing the same. All these mechanisms are
based on contacting an agent outside; if that agent is listening on port
80 there is not much you can do to prevent your host talking to it.

Michel.
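
The mechanism described in the message above, modelled as a connection-tracking table (an added example, not part of the original post). It assumes UDP, omits NAT address rewriting, and uses constructed documentation addresses; `StatefulFirewall`, `send` and `simulate` are hypothetical names.

```python
# Added illustration: a minimal model of stateful-firewall connection tracking.
# Addresses are constructed documentation values (RFC 5737); NAT rewriting is omitted.
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Allows any outbound packet; allows inbound only as return traffic."""
    name: str
    states: set = field(default_factory=set)  # (proto, inside, remote) flows

    def outbound(self, proto, inside, remote):
        # Outbound traffic is permitted and creates a temporary state entry.
        self.states.add((proto, inside, remote))
        return True

    def inbound(self, proto, remote, inside):
        # Inbound is accepted only if it mirrors an existing outbound flow.
        return (proto, inside, remote) in self.states


def send(src_fw, dst_fw, proto, src, dst):
    """Deliver one packet src -> dst through both firewalls; True if it arrives."""
    src_fw.outbound(proto, src, dst)
    return dst_fw.inbound(proto, src, dst)


def simulate():
    fw_a, fw_b = StatefulFirewall("site-A"), StatefulFirewall("site-B")
    a = ("192.0.2.10", 40000)     # host behind firewall A (constructed)
    b = ("198.51.100.20", 50000)  # host behind firewall B (constructed)
    agent = ("203.0.113.80", 80)  # outside agent on port 80 (constructed)
    log = []
    # 1. Unsolicited inbound is dropped: no state exists yet.
    log.append(("unsolicited B->A", fw_a.inbound("udp", b, a)))
    # 2. Both hosts contact the outside agent; outbound is always allowed,
    #    and the agent now knows each host's address and port.
    fw_a.outbound("udp", a, agent)
    fw_b.outbound("udp", b, agent)
    # 3. A sends to B: dropped at B, but firewall A now holds state for B.
    log.append(("first A->B", send(fw_a, fw_b, "udp", a, b)))
    # 4. B sends to A: firewall A sees it as return traffic and accepts it.
    log.append(("B->A", send(fw_b, fw_a, "udp", b, a)))
    # 5. A's next packet matches the state B's send created on firewall B.
    log.append(("second A->B", send(fw_a, fw_b, "udp", a, b)))
    return log, fw_a.states
```

The entry left in `fw_a.states` for the peer address is what egress logging would record: an outbound flow to a host the inside machine only learned about through the agent.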