Antoine Pitrou wrote:
> On Wednesday 05 July 2006 at 19:31 -0700, Lemon Obrien wrote:
>> When two processes are running on the same machine; different port
>> numbers, using their known global IP address, cannot talk to each
>> other, yet be able to find and communicate with all other peers.
>
> Yes, I've seen it happen behind a NAT too. It's been explained to me that it's a
> security measure: if this was allowed, an external host could use IP
> spoofing to simulate traffic between machines on the LAN (while LAN
> traffic is supposed to be trustable), and then do all kinds of nasty
> things.

I worked very closely with a number of NAT/policing engines. Having
thought about your remark for some time now, I can't seem to understand
how hairpin'ing could possibly contribute to an attack you referred to.
It sounds more like a design flaw in a specific policing engine that
was 'plugged' by disabling hairpin'ing. Do you have any details on the
context of the explanation you received?
Thanks,
Alex
_______________________________________________
p2p-hackers mailing list
http://lists.zooko.com/mailman/listinfo/p2p-hackers