RE: [p2p-hackers] I hate SPI Firewalls

Mon, 12 Jun 2006 18:35:06 -0700

basically once i finished punching a hole through NAT; a business partner went out to buy a new router; with a double firewall, NAT + SPI...and it cause problems. I don't really want to do upnp thing to set the router.
 
I can punch through the SPI firewall by adding a test server side to test the remote-address against the assumed global; and have relay-peers translate to and from to the rest of the network;
 
if they actually inspect the packet; well; i'm fucked. upnp will take too long; and probably won't work well either from what i'm gathering from reading this list.
 
el

David Barrett <[EMAIL PROTECTED]> wrote:
It’s my understanding that firewalls employing deep packet inspection work like any other, except also use the contents of the packet (or stream of packets) in their filtering decisions.  Thus I’m not sure they really deserve special treatment, unless you find that your protocol is being specifically targeted by admins.  And if so, you might want to tunnel over SSL or SSH or some other encrypted protocol that probably isn’t blocked.
 
What specifically are you seeing in the field that’s mucking you up?
 
-david
 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lemon Obrien
Sent: Monday, June 12, 2006 5:47 PM
To: Peer-to-peer development.
Subject: RE: [p2p-hackers] I hate SPI Firewalls
 
specifically...do SPI firewalls use a different port number for each new destination ip address? Or do they actuall check the packet; or is it determined by vendor?
 
thanks

David Barrett <[EMAIL PROTECTED]> wrote:
Do you specifically mean how to impersonate other protocols so as to avoid SPI (stateful packet inspection, I assume) firewalls?  Or is there some more “correct” way, such as UPnP?
 
-david
 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lemon Obrien
Sent: Monday, May 29, 2006 10:29 PM
To: Peer-to-peer development.
Subject: [p2p-hackers] I hate SPI Firewalls
 
does anyone know where i can obtain easy documentation on how to punch and maintain a hole through SPI; any helpful hints?
 
i'm having problems with Netgear Routers.
 
thanks.


You don't get no juice unless you squeeze
Lemon Obrien, the Third.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences



You don't get no juice unless you squeeze
Lemon Obrien, the Third.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences



You don't get no juice unless you squeeze
Lemon Obrien, the Third.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

Reply via email to