On Mon, 29 Aug 2016 11:55:03 +0100 Tixy <t...@yxit.co.uk> wrote: > On Sun, 2016-08-28 at 15:36 -0400, Perry E. Metzger wrote: > > On Sun, 28 Aug 2016 14:35:01 +0200 Frederic Marchal > [...] > > > > > > Even if the requirements are met, the attack fails if the > > > client is protected by a stateful firewall (either on a NAT > > > router, modem or computer). > > > > So essentially no smartphones are protected, > > In my experience, devices on mobile phone networks don't have > public IP addresses,
Not true, and certainly not universally true. Indeed, more and more now have v6 addresses as well as v4. Regardless, it makes no difference as you can still attack the devices in spite of the NAT. I don't get why everyone wants to argue that a problem that is known to be bad and is fixed in the kernel versions released by the kernel maintainers should be ignored. Perry -- Perry E. Metzger pe...@piermont.com
