Linksys BEFSR41v4: When is a firewall not a firewall?

Don Levey lug-TwWeWiF2EGRi+ztankeudA at public.gmane.org
Wed Jul 29 13:06:27 EDT 2009



Brendan Kidwell wrote:
> 
> Tom Metro-16 wrote:
>> Don Levey wrote:
>>> Why are these attempts getting past the Linksys in the first place, and
>>> How are they being directed to this one machine?
>> Is the target machine running a protocol that makes outbound UDP 
>> connections on random ports? DNS perhaps?
>>
>> UDP is not stateful, and once your router sets up a NAT table entry for 
>> the outbound packet, it may not be restricting the source IP of the
>> replies.
>>
>> (Some VPNs take advantage of an aspect of this to accomplish NAT 
>> traversal...
>>
> 
> Don, can you afford to shut everything down and run the target machine with
> no outbound packets allowed for a day or so and see if the problem goes
> away? If it does, then yes as Tom suggests, some outbound pseudo-connection
> over UDP is opening up a path back in. (This was my first thought as well.)
> 

Hmm... No outbound at all may be difficult, as it holds the mail server,
calendar server, and the like.  However, this didn't happen before BIND
was set up on this machine, and it explains all the symptoms.
Everything except what I need to use is walled off, so I'm not as
concerned about penetration as I am about explanation.  Just gives me
another excuse to work on the proper firewall unit.  Thanks!

 -Don
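As an added illustration of Tom's point (example code written for this page, not from the thread or any router vendor), a toy NAT table in Python contrasts a router that forwards any inbound UDP packet arriving on a mapped port with one that only forwards packets from addresses the internal host has already sent to; the addresses, port numbers and the `Nat`/`demo` names are constructed for the example.

```python
# Toy model of a NAT table for UDP.  An outbound DNS query from the internal
# resolver creates a mapping; whether unrelated hosts can then reach the
# internal machine through that mapping depends on the router's filtering rule.
from dataclasses import dataclass, field


@dataclass
class Mapping:
    int_ip: str
    int_port: int
    ext_port: int
    peers: set = field(default_factory=set)  # (ip, port) pairs the host sent to


class Nat:
    def __init__(self, filtering: str):
        # "endpoint_independent": any external host may send to the mapped port
        # (the behaviour Tom describes); "address_restricted": only hosts the
        # internal machine has already contacted.
        assert filtering in ("endpoint_independent", "address_restricted")
        self.filtering = filtering
        self.table = {}      # ext_port -> Mapping
        self.next_port = 40000

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        key = (int_ip, int_port)
        m = next((m for m in self.table.values()
                  if (m.int_ip, m.int_port) == key), None)
        if m is None:                       # first packet from this socket
            m = Mapping(int_ip, int_port, self.next_port)
            self.table[m.ext_port] = m
            self.next_port += 1
        m.peers.add((dst_ip, dst_port))
        return m.ext_port

    def inbound(self, src_ip, src_port, ext_port):
        """Return (int_ip, int_port) if the packet is forwarded, else None."""
        m = self.table.get(ext_port)
        if m is None:
            return None                     # no mapping: dropped
        if self.filtering == "address_restricted" and \
                not any(ip == src_ip for ip, _ in m.peers):
            return None                     # unknown source: dropped
        return (m.int_ip, m.int_port)


def demo(filtering):
    nat = Nat(filtering)
    # Constructed sample: internal BIND resolver queries an upstream server.
    ext = nat.outbound("192.168.1.10", 53000, "198.51.100.1", 53)
    reply = nat.inbound("198.51.100.1", 53, ext)      # legitimate DNS reply
    stranger = nat.inbound("203.0.113.7", 4444, ext)  # unrelated host
    return reply, stranger
```

With endpoint-independent filtering the unrelated host's packet is delivered to the resolver just like the real reply, which is the path back in that the thread describes; address-restricted filtering drops it.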