[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re:Interactive Connectivity Establishment (ICE))
Simon Horne
s.horne at packetizer.com
Mon Nov 14 19:32:36 CST 2005
At 07:56 AM 15/11/2005, you wrote:
>At 03:03 PM 11/14/2005, Simon Horne wrote:
>s reason a lot of people are very hesitant to turn it on in their routers.
>
>Other security risks as well.
>
>As you imply, Malcode on a PC can take advantage of PnP to set up all
>sorts of covert channels.
Yes, they take advantage of the Microsoft stack that ships with Win XP
(which is disabled by default) and should be left that way. Which is why I
used an internal compiled stack from Intel.
>I have seen some rather nasty uses of PnP in attacks on physical
>security. I hope we don't punt on this one.
Nor do I; however, it works and can be done in VoIP, and if you do not enable
UPnP within the PC the chance of malware is greatly reduced; however, it
still does not remove it. Malware can have its own internal stack. There
really needs to be some form of security within the routers to determine
which programs/machines are permitted to use it. Until that happens I don't
think widespread adoption will occur either.
Let's not forget malware can already call out to a server on the Internet,
open a pin hole and the server can then gain access to the computer on the
network without UPnP.
Simon
Simon Horne
Director
Packetizer Labs
www.packetizer.com/labs