NAT-Slipstreaming: ipfire is mentioned by heise online

ipfire is mentioned in the press article about NAT slipstreaming by heise online (penultimate paragraph)

https://www.heise.de/news/NAT-Slipstreaming-Angriffe-Es-kommt-noch-schlimmer-5078104.html

Thanks @tofficap !

Concerning Heise’s blatant content:

Nun sind die Cyberkriminellen in der Lage, …
Dabei umgehen sie die herkömmliche Sicherheitsarchitektur, wie Firewalls und NAT-Tabellen …

To put it straight:

SIP ALG is a mechanism to bypass the very basics of any firewall:

  • the user’s firewall configuration decides who is to enter or kept outside

Instead, strangers are invited to overrule these limitations “to the user’s comfort”:

  • open additional ports according to “the user’s needs”

That’s what I call “broken by design” → “broken by purpose”.

Why invest into a firewall in the first place?

So nobody should blame those ‘evil cyberkriminals’ to exploit this ridiculous invitation
to overrule these limitations to their liking → to their comfort.

2 Likes