
BLU Discuss list archive


Linksys BEFSR41v4: When is a firewall not a firewall?


Brendan Kidwell wrote:
> Tom Metro-16 wrote:
>> Don Levey wrote:
>>> Why are these attempts getting past the Linksys in the first place, and
>>> How are they being directed to this one machine?
>> Is the target machine running a protocol that makes outbound UDP
>> connections on random ports? DNS perhaps?
>> UDP is not stateful, and once your router sets up a NAT table entry for
>> the outbound packet, it may not be restricting the source IP of the
>> replies.
>> (Some VPNs take advantage of an aspect of this to accomplish NAT
>> traversal...
> Don, can you afford to shut everything down and run the target machine with
> no outbound packets allowed for a day or so and see if the problem goes
> away? If it does, then yes as Tom suggests, some outbound pseudo-connection
> over UDP is opening up a path back in. (This was my first thought as well.)

Hmm... No outbound at all may be difficult, as it holds the mail server,
calendar server, and the like.  However, this didn't happen before BIND
was set up on this machine, and it explains all the symptoms.
Everything except what I need to use is walled off, so I'm not as
concerned about penetration as I am about explanation.  Just gives me
another excuse to work on the proper firewall unit.  Thanks!

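The NAT behaviour Tom describes above (an outbound UDP datagram creates a mapping, and the router may not restrict who can send back through it), as an added example that is not part of the original post and not Linksys code: a toy translation table compared under a full-cone policy and an address/port-restricted policy, using constructed addresses, ports and timeout values.

```python
# Toy model of the UDP NAT behaviour discussed in the thread. Added example,
# not code from the list post or from Linksys. One outbound UDP datagram
# creates a translation entry; whether datagrams from *other* sources can ride
# that entry back into the LAN depends on the NAT's filtering policy.
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

class UdpNat:
    """policy='full_cone': forward anything arriving on a mapped port (what the
    thread suspects the BEFSR41 does). policy='restricted': forward only from an
    address:port the inside host has already sent to."""
    def __init__(self, public_ip, policy="full_cone", timeout=30.0):
        self.public_ip, self.policy, self.timeout = public_ip, policy, timeout
        self.table = {}         # ext_port -> {"inside", "peers", "last"}
        self.next_port = 40000  # constructed starting port for new mappings

    def outbound(self, pkt, now):
        """LAN -> Internet: create/refresh the mapping, return the rewritten packet."""
        inside = (pkt.src_ip, pkt.src_port)
        ext = next((p for p, e in self.table.items() if e["inside"] == inside), None)
        if ext is None:
            ext, self.next_port = self.next_port, self.next_port + 1
            self.table[ext] = {"inside": inside, "peers": set(), "last": now}
        self.table[ext]["peers"].add((pkt.dst_ip, pkt.dst_port))
        self.table[ext]["last"] = now
        return Packet(self.public_ip, ext, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt, now):
        """Internet -> LAN: return the translated packet, or None if dropped."""
        e = self.table.get(pkt.dst_port)
        if e is None or now - e["last"] > self.timeout:
            return None         # no mapping, or it idled out
        if self.policy == "restricted" and (pkt.src_ip, pkt.src_port) not in e["peers"]:
            return None         # unsolicited source: dropped
        e["last"] = now
        return Packet(pkt.src_ip, pkt.src_port, *e["inside"])

def stranger_gets_in(policy, delay=1.0):
    """Constructed scenario: BIND on 192.168.1.10 queries an upstream resolver,
    then a third party sends to the same external port. True if forwarded."""
    nat = UdpNat("203.0.113.5", policy)
    query = Packet("192.168.1.10", 53210, "198.51.100.1", 53)
    out = nat.outbound(query, now=0.0)
    probe = Packet("192.0.2.77", 4444, nat.public_ip, out.src_port)
    return nat.inbound(probe, now=delay) is not None

if __name__ == "__main__":
    for policy in ("full_cone", "restricted"):
        print(f"{policy:10s} stranger forwarded: {stranger_gets_in(policy)}")
```

With the full-cone policy the stranger's datagram reaches the LAN host for as long as BIND keeps the mapping alive, which is exactly the symptom being discussed; the restricted policy drops it while still passing the resolver's genuine reply.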


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

