Re: Proxy vs stateful... oh no, not again :) (Was: Re: Migration fromGauntlet 5 to Firewall-1)

Wed, 10 Apr 2002 23:22:26 -0700 


Mikael Olsson posted a few fine links that would clue you to this:

http://hometoys.com/htinews/aug01/articles/microsoft/upnp.htm

That being the betterer link with lots of scary stuff in it this convo has
evolved about.

Thanks,

Ron DuFresne

On Mon, 8 Apr 2002, kk downing wrote:

> What is UPnP and or UPnp NAT traversal? Is this
> something to do with an NT ISA Firewall?
> Thanks
> --- Mikael Olsson <[EMAIL PROTECTED]> wrote:
> >
> > "Paul D. Robertson" wrote:
> > >
> > > Mikael Olsson wrote:
> > > > [laymans version of UPnP NAT traversal]
> > >
> > > It's worse, UPnP in the OS allows over-the-network
> > driver loading (which
> > > is why HP is supporting it)- so, the UPnP firewall
> > opens the ports, the
> > > UPnP OS loads the tainted driver, then it starts
> > crawling around the
> > > network.  At some point, the NTFS drivers are
> > going to be good enough, and
> > > someone's going to be drunk enough to write up a
> > worm to simply replace
> > > WindowsXPQRST with Linux...
> >
> > Ouch man. I just thought you meant remote install
> > over the UPnP
> > buffer overrun we all know, but this is worse.
> >
> > Since it seems appropriate in face of horrors
> > unspeakable,
> > I'll just reiterate:
> > > > "Down, not across".
> >
> > --
> > Mikael Olsson, Clavister AB
> > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK,
> > Sweden
> > Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26
> > 222 05
> > Fax: +46 (0)660 122 50       WWW:
> > http://www.clavister.com
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Tax Center - online filing with TurboTax
> http://taxes.yahoo.com/
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls























					Reply via email to