Security Basics mailing list archives

RE: NetScreen XP and NetMeeting


From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
Date: Wed, 18 Dec 2002 01:34:34 +0800

Thanks. I never knew H.323 was that difficult to work with.

-----Original Message-----
From: Brian Bruns [mailto:bruns () 2mbit com]
Sent: Tuesday, December 17, 2002 2:25 AM
To: security-basics () lists securityfocus com
Subject: RE: NetScreen XP and NetMeeting


Oops, forgot to hit Reply to all:

At 01:25 AM 12/16/02 +0800, you wrote:

If you have used NetMeeting before, you realize that there will be a window
message on the caller's PC: "Waiting for response from <ip address>". I was
shocked to see the internal IP of the internal PC in this window. How
could NetScreen running NAT allow an internal IP (192.168.z.x) to "escape"
into the net and be seen by the caller?


Don't forget, the H.323 protocol embeds the IP directly into the data part
of the packet.  Even if the headers have been properly mangled, the orig IP
is still in the data.  This is why H.323 is a pain to get working behind
NAT.  There was a Linux kernel module at one point which could properly
rewrite the packet completely and allow for proper communication.


--------------------------------
Brian Bruns
Founder, The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

No spam tolerated.  By sending an e-mail to this account, your
server may be subjected to an open relay/open proxy test as part
of our ongoing efforts to reduce spam.
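
Added example, not part of the original messages: the Python below applies header-only source NAT to a packet and then locates the internal address still carried in the payload, which is the check a perimeter capture can use to confirm the leak described in the reply. The addresses, the payload bytes and all function names are constructed for illustration; the payload is not a real H.323 message.

```python
import ipaddress
import struct

# Constructed sample values (not from the thread): private and documentation-range addresses.
INTERNAL, PUBLIC, PEER = "192.168.1.10", "203.0.113.5", "198.51.100.20"
# Constructed payload: filler, then the sender's address as 4 raw octets plus a
# 2-byte port, the way a binary signalling protocol can carry it.
PAYLOAD = b"\x00\x01CONSTRUCTED" + ipaddress.IPv4Address(INTERNAL).packed + struct.pack("!H", 1720)

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (protocol 6) followed by an opaque payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def nat_header_only(packet: bytes, public_ip: str) -> bytes:
    """Source NAT without protocol awareness: header rewritten, payload untouched."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = packet[:10] + b"\x00\x00" + ipaddress.IPv4Address(public_ip).packed + packet[16:ihl]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + packet[ihl:]

def leaked_offsets(packet: bytes, internal_ip: str) -> list:
    """Payload offsets where the internal address survives, as raw octets or dotted text."""
    payload = packet[(packet[0] & 0x0F) * 4:]
    hits = []
    for needle in (ipaddress.IPv4Address(internal_ip).packed, internal_ip.encode()):
        pos = payload.find(needle)
        while pos != -1:
            hits.append(pos)
            pos = payload.find(needle, pos + 1)
    return sorted(hits)

if __name__ == "__main__":
    natted = nat_header_only(build_packet(INTERNAL, PEER, PAYLOAD), PUBLIC)
    print("header source after NAT:", ipaddress.IPv4Address(natted[12:16]))
    print("internal address still in payload at offsets:", leaked_offsets(natted, INTERNAL))
```

Searching for the known pre-NAT address, rather than for any RFC 1918 pattern, keeps false positives down when the payload is binary.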

