[6bone] Re: Internal Address Space

Michel Py michel@arneill-py.sacramento.ca.us
Tue, 21 May 2002 08:05:33 -0700


Stephen,

> Stephen Degler wrote:
> Please be more specific.  I believe that there are flaws in the
> implementations of stateful firewalls as there are in all things,
> but it is my impression that they are relatively secure from the
> design perspective.
> How exactly would this IE plugin work?

By initiating the traffic from the inside at both hosts, which opens a
temporary hole in the firewall to allow return traffic. A good example
of that kind of trick is Morpheus: People can pull mp3s from your RFC
1918 host crossing NAT and crossing a stateful firewall _without_ having
to punch a hole in the firewall and without static NAT configuration. I
think that Teredo also allows doing the same. All these mechanisms are
based on contacting an agent outside; if that agent is listening on port
80 there is not much you can do to prevent your host talking to it.

Michel.
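
The state-table behaviour described in the message above, as an added illustration that is not part of the original post: a toy model of two stateful firewalls showing which packets match state once both inside hosts have initiated traffic. The addresses (IPv6 documentation prefix), port numbers, the 30-second idle timeout and the UDP-style matching without NAT are all assumptions made for the example.

```python
# Added illustration: toy model of a stateful firewall's UDP-style state table.
# All addresses, ports and the timeout are constructed values, not from the post.
from dataclasses import dataclass, field

IDLE_TIMEOUT = 30  # seconds a state entry survives without traffic (assumed)

@dataclass
class StatefulFirewall:
    # (inside_port, remote_addr, remote_port) -> expiry time
    states: dict = field(default_factory=dict)

    def outbound(self, sport, dst, dport, now):
        """Inside host sends: allowed, and creates or refreshes a state entry."""
        self.states[(sport, dst, dport)] = now + IDLE_TIMEOUT
        return True

    def inbound(self, src, sport, dport, now):
        """Outside host sends: allowed only as return traffic for live state."""
        key = (dport, src, sport)
        expiry = self.states.get(key)
        if expiry is None or now > expiry:
            return False
        self.states[key] = now + IDLE_TIMEOUT
        return True

def simulate():
    A, B, AGENT = "2001:db8:a::10", "2001:db8:b::20", "2001:db8:ffff::80"
    fw_a, fw_b = StatefulFirewall(), StatefulFirewall()
    log = []
    # t=0: B tries A directly with no state anywhere -> dropped at A's firewall.
    log.append(("unsolicited B->A", fw_a.inbound(B, 5000, 5000, now=0)))
    # t=1: both hosts contact the outside agent on port 80; its reply matches state.
    fw_a.outbound(5000, AGENT, 80, now=1)
    fw_b.outbound(5000, AGENT, 80, now=1)
    log.append(("agent reply ->A", fw_a.inbound(AGENT, 80, 5000, now=2)))
    # t=3: A sends toward B. A's firewall records state; B's has none for A yet.
    fw_a.outbound(5000, B, 5000, now=3)
    log.append(("A->B before B sends", fw_b.inbound(A, 5000, 5000, now=3)))
    # t=4: B sends toward A. The packet matches the entry A created at t=3.
    fw_b.outbound(5000, A, 5000, now=4)
    log.append(("B->A after A sent", fw_a.inbound(B, 5000, 5000, now=4)))
    log.append(("A->B after B sent", fw_b.inbound(A, 5000, 5000, now=5)))
    # t=60: the entry has been idle past the timeout and no longer admits traffic.
    log.append(("B->A after timeout", fw_a.inbound(B, 5000, 5000, now=60)))
    return log

if __name__ == "__main__":
    for event, allowed in simulate():
        print(f"{event:22} {'ALLOW' if allowed else 'DROP'}")
```

From the firewall's side the peer-to-peer flow is indistinguishable from ordinary return traffic, so the only place it shows up is as outbound-initiated state entries toward the agent and the peer.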