[p2p-hackers] I hate SPI Firewalls

Lemon Obrien lemonobrien at yahoo.com
Tue Jun 13 01:34:09 UTC 2006


Basically, once I finished punching a hole through NAT, a business partner went out to buy a new router with a double firewall, NAT + SPI... and it causes problems. I don't really want to do the UPnP thing to set the router.

  I can punch through the SPI firewall by adding a test, server side, to check the remote address against the assumed global, and have relay peers translate to and from the rest of the network.

  If they actually inspect the packet, well, I'm fucked. UPnP will take too long, and probably won't work well either, from what I'm gathering from reading this list.
   
  el

David Barrett <dbarrett at quinthar.com> wrote:
  It’s my understanding that firewalls employing deep packet inspection work like any other, except also use the contents of the packet (or stream of packets) in their filtering decisions.  Thus I’m not sure they really deserve special treatment, unless you find that your protocol is being specifically targeted by admins.  And if so, you might want to tunnel over SSL or SSH or some other encrypted protocol that probably isn’t blocked.
   
  What specifically are you seeing in the field that’s mucking you up?
   
  -david
   
        
---------------------------------
  
  From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org] On Behalf Of Lemon Obrien
Sent: Monday, June 12, 2006 5:47 PM
To: Peer-to-peer development.
Subject: RE: [p2p-hackers] I hate SPI Firewalls

   
    Specifically... do SPI firewalls use a different port number for each new destination IP address? Or do they actually check the packet; or is it determined by vendor?

     

    thanks

David Barrett <dbarrett at quinthar.com> wrote:

      Do you specifically mean how to impersonate other protocols so as to avoid SPI (stateful packet inspection, I assume) firewalls?  Or is there some more “correct” way, such as UPnP?

     

    -david

     

        
---------------------------------
  
    From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org] On Behalf Of Lemon Obrien
Sent: Monday, May 29, 2006 10:29 PM
To: Peer-to-peer development.
Subject: [p2p-hackers] I hate SPI Firewalls


     

      Does anyone know where I can obtain easy documentation on how to punch and maintain a hole through SPI; any helpful hints?

      I'm having problems with Netgear routers.

      Thanks.


    

You don't get no juice unless you squeeze
Lemon Obrien, the Third.


  _______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
  





You don't get no juice unless you squeeze
Lemon Obrien, the Third.
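
The server-side check described in the message above (comparing the remote address a test server sees with the peer's assumed global address, and falling back to relay peers), as an added example that is not part of the original thread. It also covers the quoted question about a different port per destination; `Observation`, `Plan` and `plan_route` are hypothetical names, the addresses are constructed, and it assumes each peer probes at least two test servers.

```python
from typing import NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, udp_port)

class Observation(NamedTuple):
    """Source endpoint one test server saw on a peer's UDP probe."""
    server: str       # label of the test server that received the probe
    source: Endpoint  # remote address as seen by that server

class Plan(NamedTuple):
    route: str                    # "direct", "relay" or "inconclusive"
    endpoint: Optional[Endpoint]  # endpoint to advertise to other peers
    assumed_ok: bool              # did the peer's assumed global match?

def plan_route(assumed_global: Endpoint, observations) -> Plan:
    """Check a peer's assumed global endpoint against what test servers saw."""
    servers = {o.server for o in observations}
    seen = {o.source for o in observations}
    if len(servers) < 2:
        # One vantage point cannot tell a stable mapping from a per-destination one.
        return Plan("inconclusive", None, seen == {assumed_global})
    if len(seen) > 1:
        # The router allocated a different external port (or address) per
        # destination, so no single endpoint is valid for every other peer.
        return Plan("relay", None, False)
    (observed,) = seen
    # Same mapping towards every destination: advertise the observed endpoint,
    # not the assumed one. Inbound packets can still be dropped by the stateful
    # filter until this peer has sent to the other side first.
    return Plan("direct", observed, observed == assumed_global)

# Constructed sample data (documentation address ranges, not real captures).
STABLE = [Observation("test-a", ("203.0.113.7", 40000)),
          Observation("test-b", ("203.0.113.7", 40000))]
PER_DESTINATION = [Observation("test-a", ("203.0.113.7", 40000)),
                   Observation("test-b", ("203.0.113.7", 40001))]

if __name__ == "__main__":
    for name, obs in (("stable", STABLE), ("per-destination", PER_DESTINATION)):
        print(name, plan_route(("203.0.113.7", 40000), obs))
```

A "direct" result only means one external endpoint is valid for all peers; whether inbound traffic is accepted still depends on the router's filtering state.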