[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))
s.horne at packetizer.com
Tue Nov 15 01:32:36 GMT 2005
At 07:56 AM 15/11/2005, you wrote:
>At 03:03 PM 11/14/2005, Simon Horne wrote:
>s reason a lot of people are very hesitant to turn it on in their routers.
>Other security risks as well.
>As you imply, Malcode on a PC can take advantage of PnP to set up all
>sorts of covert channels.
Yes, they take advantage of the Microsoft stack that ships with Win XP
(which is disabled by default) and should be left that way. Which is why I
used an internal compiled stack from Intel.
>I have seen some rather nasty uses of PnP in attacks on physical
>security. I hope we don't punt on this one.
Nor do I; however, it works and can be done in VoIP, and if you do not enable
UPnP within the PC the chances of malware are greatly reduced; however, it
still does not remove it. Malware can have its own internal stack. There
really needs to be some form of security within the routers to determine
which programs/machines are permitted to use it. Until that happens I don't
think widespread adoption will occur either.
Let's not forget malware can already call out to a server on the Internet,
open a pin hole and the server can then gain access to the computer on the
network without UPnP.
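
The message above asks for router-side control over which machines may use UPnP. As an added example (not part of the original message), here is a per-host policy check applied to a UPnP IGD `AddPortMapping` request. The allowlist, port range, lease limit and function names are constructed assumptions, and a router can identify only the requesting machine by its LAN address, not the program behind it.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed policy values (assumptions, not from the original message).
ALLOWED_CLIENTS = {ipaddress.ip_address("192.168.1.20")}  # e.g. a VoIP phone
ALLOWED_PORTS = range(16384, 16484)   # external ports that host may open
MAX_LEASE = 3600                      # seconds; 0 means "permanent" in IGD v1

def parse_add_port_mapping(soap_xml):
    """Return the AddPortMapping arguments as {name: text}."""
    root = ET.fromstring(soap_xml)  # stdlib parser, used here for brevity
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "AddPortMapping":
            return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
    raise ValueError("no AddPortMapping action in request")

def authorize(soap_xml, source_ip):
    """Decide one request received from source_ip: (allowed, reason)."""
    try:
        args = parse_add_port_mapping(soap_xml)
        src = ipaddress.ip_address(source_ip)
        client = ipaddress.ip_address(args["NewInternalClient"])
        ext_port = int(args["NewExternalPort"])
        lease = int(args["NewLeaseDuration"])
    except (KeyError, ValueError, ET.ParseError):
        return False, "malformed request"
    if src not in ALLOWED_CLIENTS:
        return False, "host not permitted to use UPnP"
    if client != src:  # a host may only open ports toward itself
        return False, "mapping targets a different host"
    if ext_port not in ALLOWED_PORTS:
        return False, "external port outside allowed range"
    if not 0 < lease <= MAX_LEASE:
        return False, "lease must be finite and short"
    return True, "ok"

def sample_request(client, port, lease):  # constructed demo input
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewRemoteHost/><NewExternalPort>{port}</NewExternalPort>"
        f"<NewProtocol>UDP</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
        "<NewPortMappingDescription>demo</NewPortMappingDescription>"
        f"<NewLeaseDuration>{lease}</NewLeaseDuration>"
        "</u:AddPortMapping></s:Body></s:Envelope>"
    )

if __name__ == "__main__":
    print(authorize(sample_request("192.168.1.20", 16400, 600), "192.168.1.20"))
```

A check of this kind governs only mappings requested through UPnP; it has no effect on the outbound-connection case raised in the final paragraph of the message.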