[Dshield] Possible solution for ISP (was DShield's public goals)

Frank Knobbe frank at knobbe.us
Thu Jan 19 14:23:36 GMT 2006


On Thu, 2006-01-19 at 01:00 -0500, Valdis.Kletnieks at vt.edu wrote:
> And Joe Sixpack didn't set up his NAT router, UPnP did it.. ;)

That still doesn't explain how it properly NAT's inbound audio stream
UDP packets to the right IP address (Joe, not his wife Suzie).

I think a lot of the newer protocols are able to tunnel through NAT
connections, even streaming services. Inbound call-setups used to be
different (ie H.323), but heck, even a Vonage phone can operate *behind*
a NAT router these days.

Given how many apps these days are "firewall-friendly" (much to the
dismay of network admins), I don't think your argument there was valid. 

Remember, all you need is HTTPS open outbound, and more programs than
you like can tunnel outbound and inbound data across that. ;)

Cheers,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20060119/b885a73b/attachment.bin


More information about the list mailing list