On Thu, Jan 13, 2011 at 11:50 PM, Douglas Otis <do...@mail-abuse.org> wrote: > Unfortunately, a large number of web sites have been compromised, where an > unseen iFrame might be included in what is normally safe content. A device > accessing the Internet through a NATs often creates opportunities for > unknown sources to reach the device as well. Once an attacker invokes a > response, exposures persist, where more can be discovered. There are also > exposures related to malicious scripts enabled by a general desire to show > users dancing fruit. Microsoft now offers a toolkit that allows users a > means to 'decide' what should be allowed to see fruit dance. Users that > assume local networks are safe are often disappointed when someone on their > network wants an application do something that proves unsafe. Methods to > penetrate firewalls are often designed into 'fun' applications or poorly > considered OS features.
Doug, Passive attacks. Very effective. Breeze past the firewall like it wasn't there. Hard to target though; work best when you're fishing for whatever you can get instead of trying to crack a particular system. Some success combining them with social engineering. Not terribly relevant to the discussion in this thread. Firewalls mostly block active attacks where a hacker is pushing unsolicited data at a host instead of waiting for the host to request data. Whether or not NAT is involved doesn't really change that larger picture of the general class of attacks firewalls obstruct. -Bill -- William D. Herrin ................ her...@dirtside.com b...@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
