Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Linksys BEFSR41v4: When is a firewall not a firewall?

Don Levey wrote:
>           Service: laplink (udp/1547) (REJECT-KOREATELECOM-01-) - 1 packet
>           Service: citynl (udp/1729) (REJECT-KOREATELECOM-01-) - 1 packet
>           Service: can-dch (udp/1919) (REJECT-KOREATELECOM-01-) - 1 packet
>           Service: teleniumdaemon (udp/2060) (REJECT-KOREATELECOM-01-) -
> Why are these attempts getting past the Linksys in the first place, and
> How are they being directed to this one machine?

Is the target machine running a protocol that makes outbound UDP 
connections on random ports? DNS perhaps?

UDP is not stateful, and once your router sets up a NAT table entry for 
the outbound packet, it may not be restricting the source IP of the replies.

(Some VPNs take advantage of an aspect of this to accomplish NAT 
traversal. With the help of a coordinating third party server, two VPN 
end-points behind NAT routers start blasting UDP packets at each other. 
The initial packets are rejected, but once the outbound packets trigger 
the router to open up a port, the packets pass through to the LAN.)

To take advantage of this the Korean hacker would need to flood your 
router with UDP packets on random ports, some of which would get through.


Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile:

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /