Message-ID: <20081009214224.GD21013@1wt.eu>
Date:	Thu, 9 Oct 2008 23:42:24 +0200
From:	Willy Tarreau <w@....eu>
To:	Rémi Denis-Courmont <rdenis@...phalempin.com>
Cc:	Stephen Hemminger <shemminger@...tta.com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] add a sysctl to disable TCP simultaneous connection opening

On Thu, Oct 09, 2008 at 07:21:03PM +0300, Rémi Denis-Courmont wrote:
> > On Wednesday 8 October 2008 14:54:02, Stephen Hemminger wrote:
> > Does this break NAT traversal via STUNT used by applications like Skype?
> 
> This will break the main ICE-TCP mechanism (IETF draft-ietf-mmusic-ice-tcp).
> I am not aware of any application using this _as_of_now_. Probably too many 
> NAT and firewall implementations will reject it already. And then, some TCP 
> stacks reportedly do not support it (e.g. Windows before Vista).

And opening this through firewalls would be too dangerous as it would
allow servers to reconnect outside, pretty much defeating the initial purpose
of the firewall.

> On the other hand, if someone were to tunnel/encapsulate TCP over UDP, this 
> could actually be useful - think about peer-to-peer NATted-to-NATted file 
> transfers for instance.

This is already possible using netcat. You can force both ports. It has no
flow control but would be enough to chat or transfer small config files.

Willy
