[Dshield] Possible solution for ISP (was DShield's public goals)

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Thu Jan 19 14:44:36 GMT 2006


On Thu, 19 Jan 2006 08:23:36 CST, Frank Knobbe said:

> That still doesn't explain how it properly NAT's inbound audio stream
> UDP packets to the right IP address (Joe, not his wife Suzie).

Well, if the UPnP request came from 192.168.10.4, it's Joe, if it came
from 198.168.10.8, it's Suzie.  This isn't rocket science. ;)

> I think a lot of the newer protocols are able to tunnel through NAT
> connections, even streaming services. Inbound call-setups used to be
> different (ie H.323), but heck, even a Vonage phone can operate *behind*
> a NAT router these days.

Ever taken a look at what violence is done to the protocol design to make
that stuff work? ;)

> Remember, all you need is HTTPS open outbound, and more programs than
> you like can tunnel outbound and inbound data across that. ;)

You sure you want to point that out?  :)

You're making the case that heavy-handed per-port blocking doesn't do any
benefit security-wise, because all it actually accomplishes is to make all the
malware use SSL over port 443 to tunnel out, where Snort and similar tools
can't see the malware anymore....
