Linksys BEFSR41v4: When is a firewall not a firewall?
Brendan Kidwell
sxfgry902-O/bDAPVd7B0N+BqQ9rBEUg at public.gmane.org
Wed Jul 29 12:31:03 EDT 2009
Tom Metro-16 wrote:
>
> Don Levey wrote:
>> Why are these attempts getting past the Linksys in the first place, and
>> How are they being directed to this one machine?
>
> Is the target machine running a protocol that makes outbound UDP
> connections on random ports? DNS perhaps?
>
> UDP is not stateful, and once your router sets up a NAT table entry for
> the outbound packet, it may not be restricting the source IP of the
> replies.
>
> (Some VPNs take advantage of an aspect of this to accomplish NAT
> traversal...
>
Don, can you afford to shut everything down and run the target machine with
no outbound packets allowed for a day or so and see if the problem goes
away? If it does, then yes, as Tom suggests, some outbound pseudo-connection
over UDP is opening up a path back in. (This was my first thought as well.)
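To make Tom's point concrete, here is an added example (not code from the thread, and not the BEFSR41v4's firmware logic): a toy model of a NAT router's UDP mapping table, using the RFC 4787 terms for how strictly the router filters inbound packets on a mapping. All addresses and port numbers are constructed. A single outbound DNS query from the LAN host creates a mapping; under endpoint-independent filtering, any Internet host that guesses the router's external port can then reach the LAN host through it, which is the "path back in" being discussed. The stricter address-and-port-dependent mode only admits replies from the exact host and port that was contacted.

```python
"""Toy model of a consumer NAT router's UDP mapping table (constructed example).

Filtering modes use the RFC 4787 vocabulary:
  - "endpoint-independent":        any external host may send to the mapped port
  - "address-dependent":           only an external IP this mapping has contacted
  - "address-and-port-dependent":  only the exact external IP:port contacted
"""
from dataclasses import dataclass, field

FILTERING_MODES = {"endpoint-independent", "address-dependent", "address-and-port-dependent"}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Mapping:
    internal: tuple          # (ip, port) of the LAN host that created the mapping
    external_port: int       # port the router uses on its WAN side for this host
    contacted: set = field(default_factory=set)  # (ip, port) peers sent to so far


class UdpNat:
    def __init__(self, wan_ip, filtering="endpoint-independent"):
        if filtering not in FILTERING_MODES:
            raise ValueError(f"unknown filtering mode: {filtering}")
        self.wan_ip = wan_ip
        self.filtering = filtering
        self.table = {}         # internal (ip, port) -> Mapping
        self.by_ext_port = {}   # external_port -> Mapping
        self._next_port = 40000  # hypothetical starting point for allocated WAN ports

    def outbound(self, pkt):
        """Translate a LAN->WAN packet, creating a mapping on first use."""
        key = (pkt.src_ip, pkt.src_port)
        m = self.table.get(key)
        if m is None:
            m = Mapping(internal=key, external_port=self._next_port)
            self._next_port += 1
            self.table[key] = m
            self.by_ext_port[m.external_port] = m
        m.contacted.add((pkt.dst_ip, pkt.dst_port))
        return Packet(self.wan_ip, m.external_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet as delivered to the LAN host, or None if the router drops it."""
        m = self.by_ext_port.get(pkt.dst_port)
        if m is None:
            return None  # no mapping at all: the default deny every NAT gives you
        if self.filtering == "endpoint-independent":
            allowed = True
        elif self.filtering == "address-dependent":
            allowed = any(ip == pkt.src_ip for ip, _ in m.contacted)
        else:
            allowed = (pkt.src_ip, pkt.src_port) in m.contacted
        if not allowed:
            return None
        return Packet(pkt.src_ip, pkt.src_port, m.internal[0], m.internal[1])


def demo(filtering):
    """One outbound DNS query, then three inbound packets aimed at the mapped port.

    Returns (resolver_reply_delivered, same_host_other_port_delivered,
             unrelated_host_delivered) as booleans.
    """
    nat = UdpNat("203.0.113.5", filtering)
    # Constructed: LAN host 192.168.1.50 queries resolver 198.51.100.53 from port 53111
    nat.outbound(Packet("192.168.1.50", 53111, "198.51.100.53", 53))
    reply = nat.inbound(Packet("198.51.100.53", 53, "203.0.113.5", 40000))
    same_host_other_port = nat.inbound(Packet("198.51.100.53", 9999, "203.0.113.5", 40000))
    unrelated_host = nat.inbound(Packet("192.0.2.77", 4444, "203.0.113.5", 40000))
    return reply is not None, same_host_other_port is not None, unrelated_host is not None


if __name__ == "__main__":
    for mode in sorted(FILTERING_MODES):
        print(f"{mode:28s} -> (reply, same host/other port, unrelated host) = {demo(mode)}")
```

The three-value tuple is the whole story: with endpoint-independent filtering the unrelated host gets through, so from the LAN host's point of view the router is behaving exactly as if it were not a firewall for that port. Brendan's suggested test (no outbound traffic for a day) works because without the outbound packet no mapping is ever created, and the inbound packets hit the `m is None` branch instead.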