by buzer 3510 days ago
> How many IoT devices need to allow incoming connections at all? And how many connections do they need to make?

If they need outgoing connections, they likely also need incoming when we are speaking about stateless filtering. Without incoming connections only UDP would be allowed, and it would usually be impossible to determine if the packet should be sent again (it would only be possible if there were an out-of-band method to detect it).

Ok, I will admit that it's possible to check the TCP headers and just drop incoming SYN packets without ACK, but then you need to start trusting that the IoT device can handle invalid TCP packets.

1 comments
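The stateless check described in the post above (inspect the TCP header, drop inbound segments that have SYN set but ACK clear, and note that UDP offers no equivalent signal) can be shown as a small packet classifier. This is an added example written for this thread, not code from any commenter; the IPv4/TCP/UDP builders, the addresses and the `stateless_inbound_decision` function are all constructed here for illustration.

```python
import struct

# TCP flag bits (byte 13 of the TCP header)
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
PROTO_TCP, PROTO_UDP = 6, 17


def build_ipv4_packet(proto, src, dst, payload):
    """Constructed minimal IPv4 header (no options); checksum left zero because it is not validated here."""
    ver_ihl = (4 << 4) | 5
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0, 64, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return header + payload


def build_tcp_segment(sport, dport, flags):
    """Constructed 20-byte TCP header: data offset 5, no options, checksum zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def build_udp_datagram(sport, dport, data=b""):
    """Constructed 8-byte UDP header followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def parse(packet):
    """Extract transport protocol and, for TCP, the flags byte. Raises on a truncated TCP header."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    l4 = packet[ihl:]
    if proto == PROTO_TCP:
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        return {"proto": "tcp", "flags": l4[13]}
    if proto == PROTO_UDP:
        return {"proto": "udp", "flags": None}
    return {"proto": "other", "flags": None}


def stateless_inbound_decision(packet):
    """Stateless filter for packets arriving from the Internet side toward an IoT device.

    TCP: a segment with SYN set and ACK clear is a new connection attempt from outside, so drop it.
         Anything else (SYN+ACK, ACK, RST, ...) could be a reply to the device's own connection, so
         accept it; the device itself must cope with segments that match no connection.
    UDP: the header carries nothing that distinguishes a reply from an unsolicited datagram,
         so a stateless filter can only pass it or block the port outright; here it is passed.
    """
    try:
        info = parse(packet)
    except ValueError:
        return "drop"  # malformed header: nothing sensible to match, so do not forward it
    if info["proto"] == "tcp":
        flags = info["flags"]
        if flags & TCP_SYN and not flags & TCP_ACK:
            return "drop"
        return "accept"
    if info["proto"] == "udp":
        return "accept"
    return "drop"


if __name__ == "__main__":
    # Constructed sample traffic: outside host 203.0.113.5 -> IoT device 192.0.2.10
    samples = {
        "inbound SYN": build_tcp_segment(40000, 80, TCP_SYN),
        "inbound SYN+ACK": build_tcp_segment(443, 51000, TCP_SYN | TCP_ACK),
        "inbound ACK": build_tcp_segment(443, 51000, TCP_ACK),
    }
    for name, seg in samples.items():
        pkt = build_ipv4_packet(PROTO_TCP, "203.0.113.5", "192.0.2.10", seg)
        print(f"{name}: {stateless_inbound_decision(pkt)}")
    udp_pkt = build_ipv4_packet(PROTO_UDP, "203.0.113.5", "192.0.2.10", build_udp_datagram(53, 5353, b"x"))
    print(f"inbound UDP: {stateless_inbound_decision(udp_pkt)}")
```

The UDP branch is the point the post makes: with no connection table, the filter cannot tell a DNS or NTP reply from a probe, so the trade-off is between opening the port to everything and blocking it entirely.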

> Ok, I will admit that it's possible to check the TCP headers and just drop incoming SYN packets without ACK, but then you need to start trusting that the IoT device can handle invalid TCP packets.

I have more faith in that than I have faith in a router that does complex state-tracking logic to not contain RCE vulnerabilities itself.