Linksys BEFSR41v4: When is a firewall not a firewall?
Tom Metro
tmetro-blu-5a1Jt6qxUNc at public.gmane.org
Tue Jul 28 14:45:11 EDT 2009
Don Levey wrote:
> Service: laplink (udp/1547) (REJECT-KOREATELECOM-01-) - 1 packet
> Service: citynl (udp/1729) (REJECT-KOREATELECOM-01-) - 1 packet
> Service: can-dch (udp/1919) (REJECT-KOREATELECOM-01-) - 1 packet
> Service: teleniumdaemon (udp/2060) (REJECT-KOREATELECOM-01-) -
>
> Why are these attempts getting past the Linksys in the first place, and
> how are they being directed to this one machine?
Is the target machine running a protocol that makes outbound UDP
connections on random ports? DNS perhaps?
UDP is not stateful, and once your router sets up a NAT table entry for
the outbound packet, it may not be restricting the source IP of the replies.
(Some VPNs take advantage of an aspect of this to accomplish NAT
traversal. With the help of a coordinating third party server, two VPN
end-points behind NAT routers start blasting UDP packets at each other.
The initial packets are rejected, but once the outbound packets trigger
the router to open up a port, the packets pass through to the LAN.)
To take advantage of this the Korean hacker would need to flood your
router with UDP packets on random ports, some of which would get through.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
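The distinction Tom describes (a NAT binding created by one outbound UDP packet, and whether the router then restricts who may send back through it) is what RFC 4787 calls the NAT's filtering behaviour. The toy model below is an added example, not code from this thread or from Linksys firmware; all addresses, ports and hostnames are constructed from documentation ranges, and the "router" is a simplified in-memory table with no binding timeouts. It reproduces both points of the message: a DNS query opens a port that an unrelated host can then reach when filtering is endpoint-independent but not when it is address-dependent, and two peers behind such NATs can punch a hole to each other once each side has sent at least one packet (the coordinating server is simulated by each side simply knowing the port the other NAT will allocate).

```python
"""Toy model of UDP NAT bindings and inbound filtering (RFC 4787 terms).

Constructed example for illustration only. Addresses/ports are made up
(RFC 5737 documentation ranges); real NATs also expire idle bindings.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class Nat:
    """A NAT/firewall with one public IP.

    filtering selects which inbound packets may use an existing binding:
      'endpoint-independent': any external host may send to the mapped port
      'address-dependent'   : only hosts the inside host has already sent to
    """
    public_ip: str
    filtering: str = "endpoint-independent"
    next_port: int = 40000
    bindings: Dict[Endpoint, int] = field(default_factory=dict)  # inside -> public port
    reverse: Dict[int, Endpoint] = field(default_factory=dict)   # public port -> inside
    peers: Dict[int, Set[str]] = field(default_factory=dict)     # public port -> IPs sent to

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Inside host sends a UDP packet: create or reuse a binding and return
        the translated (public_ip, public_port) that the Internet sees."""
        if src not in self.bindings:
            port = self.next_port
            self.next_port += 1
            self.bindings[src] = port
            self.reverse[port] = src
            self.peers[port] = set()
        port = self.bindings[src]
        self.peers[port].add(dst[0])  # remember whom we talked to
        return (self.public_ip, port)

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[Endpoint]:
        """Packet from the Internet arrives at public_ip:dst_port. Return the
        inside endpoint it is forwarded to, or None if the NAT drops it."""
        if dst_port not in self.reverse:
            return None  # no binding at all: unsolicited traffic dropped
        if self.filtering == "address-dependent" and src[0] not in self.peers[dst_port]:
            return None  # binding exists, but this host was never contacted
        return self.reverse[dst_port]


def dns_then_stray_packet(filtering: str):
    """One DNS query opens a port; then the real reply and an unrelated host
    both try to use it. Returns (reply_forwarded_to, stray_forwarded_to)."""
    nat = Nat("198.51.100.1", filtering)
    client, resolver = ("192.168.1.10", 53412), ("192.0.2.53", 53)
    pub = nat.outbound(client, resolver)                      # query goes out
    reply = nat.inbound(resolver, pub[1])                     # legitimate answer
    stray = nat.inbound(("203.0.113.7", 1547), pub[1])        # unrelated sender
    return reply, stray


def hole_punch(filtering: str):
    """Two hosts behind NATs send to each other's (pre-announced) public port.
    Returns the forwarding result of the 1st, 2nd and 3rd packet in order."""
    a, b = Nat("198.51.100.1", filtering), Nat("198.51.100.2", filtering)
    a_in, b_in = ("192.168.1.10", 5000), ("10.0.0.20", 5000)
    # Stand-in for the coordinating server: each side knows the port the
    # other NAT will allocate for its next new binding.
    a_pub, b_pub = (a.public_ip, a.next_port), (b.public_ip, b.next_port)
    a.outbound(a_in, b_pub)
    first = b.inbound(a_pub, b_pub[1])    # B has no binding yet: dropped
    b.outbound(b_in, a_pub)
    second = a.inbound(b_pub, a_pub[1])   # A's binding exists and A sent to B
    third = b.inbound(a_pub, b_pub[1])    # A's retransmission now passes B
    return first, second, third


if __name__ == "__main__":
    for mode in ("endpoint-independent", "address-dependent"):
        print(mode, "dns:", dns_then_stray_packet(mode), "punch:", hole_punch(mode))
```

The defender's takeaway is the second scenario: with address-dependent (or address-and-port-dependent) filtering the legitimate DNS reply still arrives, but the stray packet to the same port is dropped, which is the behaviour to look for in a router's NAT or firewall settings. Hole punching still works under that stricter mode because each side has sent to the other's address before the other's packet arrives.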