[6bone] Re: Internal Address Space
Michel Py
michel@arneill-py.sacramento.ca.us
Tue, 21 May 2002 08:05:33 -0700
Stephen,
> Stephen Degler wrote:
> Please be more specific. I believe that there are flaws in the
> implementations of statefull firewalls as there all in all things,
> but it is my impression that they are relatively secure from the
> design perspective.
> How exactly would this IE plugin work?
By initiating the traffic from the inside at both hosts, which opens a
temporary hole in the firewall to allow return traffic. A good example
of that kind of trick is Morpheus: People can pull mp3s from your RFC
1918 host crossing NAT and crossing a stateful firewall _without_ having
to punch a hole in the firewall and without static NAT configuration. I
think that teredo also allows to do the same. All these mechanisms are
based in contacting an agent outside; if that agent is listening on port
80 there is not much you can do to prevent your host talking to it.
Michel.