<div>basically once i finished punching a hole through NAT; a business partner went out to buy a new router; with a double firewall, NAT + SPI...and it caused problems. I don't really want to do the upnp thing to set the router.</div> <div> </div> <div>I can punch through the SPI firewall by adding a test server side to test the remote-address against the assumed global; and have relay-peers translate to and from to the rest of the network;</div> <div> </div> <div>if they actually inspect the packet; well; i'm fucked. upnp will take too long; and probably won't work well either from what i'm gathering from reading this list.</div> <div> </div> <div>el<BR><BR><B><I>David Barrett &lt;dbarrett@quinthar.com&gt;</I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
<DIV class=Section1> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">It’s my understanding that firewalls employing deep packet inspection work like any other, except also use the contents of the packet (or stream of packets) in their filtering decisions. Thus I’m not sure they really deserve special treatment, unless you find that your protocol is being specifically targeted by admins. And if so, you might want to tunnel over SSL or SSH or some other encrypted protocol that probably isn’t blocked.<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">What specifically are you seeing in the field that’s mucking you up?<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">-david<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></div> <DIV style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium
none"> <DIV> <DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"> <HR tabIndex=-1 align=center width="100%" SIZE=2> </SPAN></FONT></DIV> <div class=MsoNormal><B><FONT face=Tahoma size=2><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> p2p-hackers-bounces@zgp.org [mailto:p2p-hackers-bounces@zgp.org] <B><SPAN style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>Lemon Obrien<BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Monday, June 12, 2006 5:47 PM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" /><st1:PersonName w:st="on">Peer-to-peer development.</st1:PersonName><BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: [p2p-hackers] I hate SPI
Firewalls</SPAN></FONT><o:p></o:p></div></DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">specifically...do SPI firewalls use a different port number for each new destination ip address? Or do they actually check the packet; or is it determined by vendor?<o:p></o:p></SPAN></FONT></div></DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"> <o:p></o:p></SPAN></FONT></div></DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">thanks<BR><BR><B><I><SPAN style="FONT-WEIGHT: bold; FONT-STYLE: italic">David Barrett &lt;dbarrett@quinthar.com&gt;</SPAN></I></B> wrote:<o:p></o:p></SPAN></FONT></div></DIV> <BLOCKQUOTE style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; MARGIN-TOP: 5pt;
PADDING-LEFT: 4pt; MARGIN-BOTTOM: 5pt; PADDING-BOTTOM: 0in; MARGIN-LEFT: 3.75pt; BORDER-LEFT: #1010ff 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none"> <DIV> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Do you specifically mean how to impersonate other protocols so as to avoid SPI (stateful packet inspection, I assume) firewalls? Or is there some more “correct” way, such as UPnP?<o:p></o:p></SPAN></FONT></div></DIV> <DIV> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></div></DIV> <DIV> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">-david<o:p></o:p></SPAN></FONT></div></DIV> <DIV> <div class=MsoNormal><FONT face=Arial color=navy size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY:
Arial"><o:p> </o:p></SPAN></FONT></div></DIV> <DIV style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none"> <DIV> <DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"> <HR tabIndex=-1 align=center width="100%" SIZE=2> </SPAN></FONT></DIV> <DIV> <div class=MsoNormal><B><FONT face=Tahoma size=2><SPAN style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> p2p-hackers-bounces@zgp.org [mailto:p2p-hackers-bounces@zgp.org] <B><SPAN style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>Lemon Obrien<BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Monday, May 29, 2006 10:29 PM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> <?xml:namespace prefix
= u1 /><u1:PersonName u2:st="on"><st1:PersonName w:st="on">Peer-to-peer development.</st1:PersonName></u1:PersonName><BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> [p2p-hackers] I hate SPI Firewalls</SPAN></FONT><o:p></o:p></div></DIV></DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div></DIV> <DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">does anyone know where i can obtain easy documentation on how to punch and maintain a hole through SPI; any helpful hints?<o:p></o:p></SPAN></FONT></div></DIV></DIV> <DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"> <o:p></o:p></SPAN></FONT></div></DIV></DIV> <DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">i'm having problems with Netgear
Routers.<o:p></o:p></SPAN></FONT></div></DIV></DIV> <DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"> <o:p></o:p></SPAN></FONT></div></DIV></DIV> <DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">thanks.<o:p></o:p></SPAN></FONT></div></DIV></DIV> <DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"><BR><BR>You don't get no juice unless you squeeze<BR>Lemon Obrien, the Third.<o:p></o:p></SPAN></FONT></div></DIV></DIV> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">_______________________________________________<BR>p2p-hackers mailing list<BR>p2p-hackers@zgp.org<BR>http://zgp.org/mailman/listinfo/p2p-hackers<BR>_______________________________________________<BR>Here is a web page listing P2P
Conferences:<BR>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences<o:p></o:p></SPAN></FONT></div></BLOCKQUOTE> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"><BR><BR><BR>You don't get no juice unless you squeeze<BR>Lemon Obrien, the Third.<o:p></o:p></SPAN></FONT></div></DIV></DIV></BLOCKQUOTE><BR><BR><BR>You don't get no juice unless you squeeze<br>Lemon Obrien, the Third.
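
The thread asks whether an SPI firewall uses a different port for each new destination, and mentions a test server that compares the observed remote address with the assumed global one. The following toy model is an added example, not code from any poster or router vendor; `StatefulNat`, its methods, the starting port and all addresses are constructed for illustration. It shows both mapping policies and why a per-destination mapping forces the relay-peer fallback.

```python
# Added illustration: toy model of a NAT with stateful packet inspection (SPI).
# All class/function names and addresses are constructed for this example.
from itertools import count

class StatefulNat:
    def __init__(self, public_ip, per_destination_mapping):
        self.public_ip = public_ip
        self.per_destination = per_destination_mapping
        self._next_port = count(40000)   # constructed first public port
        self.mappings = {}               # mapping key -> public port
        self.sessions = set()            # (public port, remote endpoint) flows opened from inside

    def outbound(self, src, dst):
        """Inside endpoint src sends to dst; return the public (ip, port) that dst observes."""
        key = (src, dst) if self.per_destination else src
        if key not in self.mappings:
            self.mappings[key] = next(self._next_port)
        port = self.mappings[key]
        self.sessions.add((port, dst))
        return (self.public_ip, port)

    def inbound_allowed(self, remote, public_port):
        """SPI rule: accept a packet only on a flow an inside host opened to that remote."""
        return (public_port, remote) in self.sessions

def mapping_is_per_destination(nat, src, server_a, server_b):
    """Test-server check: contact two servers and compare the address each one observed."""
    return nat.outbound(src, server_a) != nat.outbound(src, server_b)

def direct_path_works(nat, src, rendezvous, peer):
    """Peer replies to the address the rendezvous server reported for src."""
    advertised = nat.outbound(src, rendezvous)
    nat.outbound(src, peer)              # src opens its own flow toward the peer
    return nat.inbound_allowed(peer, advertised[1])

HOST = ("192.168.1.10", 5000)            # constructed private endpoint
SERVER_A, SERVER_B = ("198.51.100.1", 3478), ("198.51.100.2", 3478)
PEER = ("203.0.113.7", 6000)

if __name__ == "__main__":
    for per_dst in (False, True):
        nat = StatefulNat("192.0.2.1", per_dst)
        print(per_dst, direct_path_works(nat, HOST, SERVER_A, PEER))
```

When the two test servers report different public ports, the address learned from a rendezvous server is useless to a third peer, so traffic has to go through a relay the host has already contacted.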