AO>> 1. the computer on 192.168.1.78 (example) is up
Nice. Most computers tend to be up when people are working.
AO>> 2. It can receive connection to the ICQ port
Wrong. The firewall won't let an incoming connection in. It would only allow it
to receive UDP packets inside the "virtual circuit" created by an outgoing
connection.
AO>> 3. the NAT gateway/fw allows "related" packets to pass from icq to
AO>> 192.168.1.78
Yes, so you can talk to the gateway's forwarding port and to ICQ via it. So
what?
AO>> 4. icq packets are classified as "related".
AO>>
AO>> Now any man-in-the-middle attack becomes very easy.
AO>> You spoof your address (using known flaws in DNS)
AO>> and easily get into the inner network.
Here you lost me. All you can do is send packets to the firewall's
forwarding port, where they will be forwarded to ICQ's port on the intranet
computer, which will either process them, if they are valid UDP packets coming
from the right source, or drop them. With skill, you can disrupt some ICQ
session, but no more. I don't see "easily getting into the inner network" here.
BTW: this has nothing to do with DNS. No sane sysadmin bases firewall
rules on DNS. Most firewalls won't even allow you to do this.
--
[EMAIL PROTECTED] \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-3-9316425 /\ JRRT LotR.
http://sharat.co.il/frodo/ whois:!SM8333
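The reply above describes a stateful NAT/firewall: an outbound UDP packet from the intranet creates a "virtual circuit", and inbound UDP is forwarded only when it belongs to a live circuit and comes from the right peer; anything else is dropped. The following is an added example, not code from the thread or from any of its participants: a small Python model of that behaviour. The addresses (192.168.1.78 from the thread; 198.51.100.1 and 203.0.113.x as constructed sample values), the 30-second idle timeout and the class and function names are all assumptions made for the illustration.

```python
"""Toy model of a stateful UDP NAT/firewall (added example, not from the thread).

Outbound packets create or refresh a circuit keyed by the external port the
gateway assigns.  Inbound packets are forwarded ("related") only if they hit a
live circuit AND come from that circuit's peer; otherwise they are dropped.
All addresses, ports and the timeout below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Circuit:
    internal_ip: str
    internal_port: int
    peer_ip: str
    peer_port: int
    last_seen: float


class NatFirewall:
    """Stateful UDP NAT: only replies inside an outbound-created circuit get in."""

    def __init__(self, external_ip: str, timeout: float = 30.0) -> None:
        self.external_ip = external_ip
        self.timeout = timeout                   # idle time after which a circuit dies
        self.circuits: Dict[int, Circuit] = {}   # external port -> circuit
        self.next_port = 40000                   # first external port handed out
        self.log: List[str] = []

    def _find(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[int]:
        for ext_port, c in self.circuits.items():
            if (c.internal_ip, c.internal_port, c.peer_ip, c.peer_port) == (src_ip, src_port, dst_ip, dst_port):
                return ext_port
        return None

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Intranet -> internet: create or refresh the circuit, rewrite the source."""
        ext_port = self._find(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if ext_port is None:
            ext_port = self.next_port
            self.next_port += 1
            self.circuits[ext_port] = Circuit(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, now)
            self.log.append(f"NEW {pkt.src_ip}:{pkt.src_port} <-> {pkt.dst_ip}:{pkt.dst_port} via ext port {ext_port}")
        else:
            self.circuits[ext_port].last_seen = now
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Internet -> intranet: forwarded only as a 'related' packet of a live circuit."""
        c = self.circuits.get(pkt.dst_port)
        if c is None:
            self.log.append(f"DROP {pkt.src_ip}:{pkt.src_port} -> ext {pkt.dst_port}: no circuit")
            return None
        if now - c.last_seen > self.timeout:
            del self.circuits[pkt.dst_port]
            self.log.append(f"DROP {pkt.src_ip}:{pkt.src_port} -> ext {pkt.dst_port}: circuit expired")
            return None
        if (pkt.src_ip, pkt.src_port) != (c.peer_ip, c.peer_port):
            self.log.append(f"DROP {pkt.src_ip}:{pkt.src_port} -> ext {pkt.dst_port}: wrong source")
            return None
        c.last_seen = now
        fwd = Packet(pkt.src_ip, pkt.src_port, c.internal_ip, c.internal_port)
        self.log.append(f"FORWARD {pkt.src_ip}:{pkt.src_port} -> {fwd.dst_ip}:{fwd.dst_port}")
        return fwd


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: an ICQ client behind NAT, its server, and an outsider."""
    gw_ip = "198.51.100.1"
    fw = NatFirewall(external_ip=gw_ip, timeout=30.0)
    client, icq_server, outsider = "192.168.1.78", "203.0.113.10", "203.0.113.99"

    # 1. client talks to the ICQ server on UDP 4000: a circuit is created
    out = fw.outbound(Packet(client, 4000, icq_server, 4000), now=0.0)
    ext_port = out.src_port
    # 2. server reply inside the circuit: forwarded to the client
    reply = fw.inbound(Packet(icq_server, 4000, gw_ip, ext_port), now=1.0)
    # 3. an outsider sends to the forwarding port from its own address: wrong source, dropped
    outsider_pkt = fw.inbound(Packet(outsider, 4000, gw_ip, ext_port), now=2.0)
    # 4. a packet to an external port with no circuit: dropped
    unmapped = fw.inbound(Packet(icq_server, 4000, gw_ip, ext_port + 1), now=3.0)
    # 5. after the idle timeout the circuit is gone, even for the right peer
    stale = fw.inbound(Packet(icq_server, 4000, gw_ip, ext_port), now=100.0)

    return {
        "ext_port": ext_port,
        "reply_forwarded_to": reply.dst_ip if reply else None,
        "outsider_forwarded": outsider_pkt is not None,
        "unmapped_forwarded": unmapped is not None,
        "stale_forwarded": stale is not None,
        "log": fw.log,
    }


if __name__ == "__main__":
    for line in run_scenario()["log"]:
        print(line)
```

The model keeps the thread's point visible: the gateway only ever hands an inbound packet to the intranet host's ICQ port, and only when it matches an outbound-created circuit, so the worst a stranger at the forwarding port can do is interfere with that one UDP session, not reach anything else inside.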
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]