POV-Ray: Newsgroups: povray.off-topic: Is this the end of the world as we know it?: Re: Is this the end of the world as we know it?

POV-Ray : Newsgroups : povray.off-topic : Is this the end of the world as we know it? : Re: Is this the end of the world as we know it?		Server Time 31 Jul 2024 08:24:24 EDT (-0400)

From: Le Forgeron
Date: 13 Oct 2011 05:27:30
Message: <4e96af02$1@news.povray.org>

Le 13/10/2011 10:21, Invisible a écrit :
> On 12/10/2011 05:19 PM, Darren New wrote:
>> On 10/12/2011 1:27, Invisible wrote:
>>> The "secret" part being that they didn't warn anybody "hey, we've
>>> implemented a new feature to completely disable the security of your
>>> network".
>>
>> It's no more disabling the security of your network than telnet or pop3
>> or http is. You have to tunnel out before you can get any answers back.
> 
> OK. So how is my statement that "you cannot log in to it from outside
> the building" invalidated then?

Because you assume that the firewall/Nat will protect you for that purpose.
Local teredo will send packets from inside to the outside, using UDP...
and most firewall/Nat will track that as "open a temporary route for the
UDP answer". Ergo, you will be exposed.
The nice thing, is that you are not aware that teredo might or might not
send some packets... whereas usually for telnet, you asked for the
application and the connection.

Of course, you can argue that your firewall setting is using the
explicit whitelist only approach. But usually, that does not work.
you often need whitelist + tracking of outgoing connection... and there,
you're stuck with teredo.

Have a nice day.

-- 
Software is like dirt - it costs time and money to change it and move it
around.

Just because you can't see it, it doesn't weigh anything,
and you can't drill a hole in it and stick a rivet into it doesn't mean
it's free.

Post a reply to this message