 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Don Levey wrote: > Service: laplink (udp/1547) (REJECT-KOREATELECOM-01-) - 1 packet > Service: citynl (udp/1729) (REJECT-KOREATELECOM-01-) - 1 packet > Service: can-dch (udp/1919) (REJECT-KOREATELECOM-01-) - 1 packet > Service: teleniumdaemon (udp/2060) (REJECT-KOREATELECOM-01-) - > > Why are these attempts getting past the Linksys in the first place, and > How are they being directed to this one machine? Is the target machine running a protocol that makes outbound UDP connections on random ports? DNS perhaps? UDP is not stateful, and once your router sets up a NAT table entry for the outbound packet, it may not be restricting the source IP of the replies. (Some VPNs take advantage of an aspect of this to accomplish NAT traversal. With the help of a coordinating third party server, two VPN end-points behind NAT routers start blasting UDP packets at each other. The initial packets are rejected, but once the outbound packets trigger the router to open up a port, the packets pass through to the LAN.) To take advantage of this the Korean hacker would need to flood your router with UDP packets on random ports, some of which would get through. -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
