
Firewall pinhole: Difference between revisions

Content deleted Content added
added sources
m stub
 
(3 intermediate revisions by 3 users not shown)
Line 1:
{{Use American English|date=September 2024}}
In [[computer networking]], a '''firewall pinhole''' is a [[TCP and UDP port|port]] that is not protected by a [[firewall (networking)|firewall]] to allow a particular [[application software|application]] to gain access to a service on a host in the network protected by the firewall<ref>{{Cite web |title=IPv6 Pinholing: Tutorial & Examples |url=https://www.catchpoint.com/benefits-of-ipv6/ipv6-pinholing |access-date=2024-02-26 |website=www.catchpoint.com |language=en}}</ref><ref>{{Cite journal |last=Ancuta Onofrei |first=Andreea |last2=Rebahi |first2=Yacine |last3=Magedanz |first3=Thomas |date=2010-03-20 |title=Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing |url=http://www.airccse.org/journal/ijngn/papers/0310ijngn1.pdf |journal=International Journal of Next-Generation Networks |volume=2 |issue=1 |pages=1–17 |doi=10.5121/ijngn.2010.2101}}</ref>.
 
In [[computer networking]], a '''firewall pinhole''' is a [[TCP and UDP port|port]] that is not protected by a [[firewall (networking)|firewall]] to allow a particular [[application software|application]] to gain access to a service on a host in the network protected by the firewall.<ref>{{Cite web |title=IPv6 Pinholing: Tutorial & Examples |url=https://www.catchpoint.com/benefits-of-ipv6/ipv6-pinholing |access-date=2024-02-26 |website=www.catchpoint.com |language=en}}</ref><ref>{{Cite journal |last=Ancuta Onofrei |first=Andreea |last2=Rebahi |first2=Yacine |last3=Magedanz |first3=Thomas |date=2010-03-20 |title=Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing |url=http://www.airccse.org/journal/ijngn/papers/0310ijngn1.pdf |journal=International Journal of Next-Generation Networks |volume=2 |issue=1 |pages=1–17 |doi=10.5121/ijngn.2010.2101}}</ref>.
 
Leaving ports open in firewall configurations exposes the protected system to potentially malicious abuse. A fully closed firewall prevents applications from accessing services on the other side of the firewall. For protection, the mechanism for opening a pinhole in the firewall should implement user validation and authorization.
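Review bot: The revised lead sentence now carries two full stops, one before the first <ref> ("by the firewall.<ref>") and one left over after the final </ref>. Drop the trailing "." after the last reference so the sentence ends once, with the punctuation ahead of the citations.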
Line 5 ⟶ 7:
For firewalls performing a [[network address translation]] (NAT) function, the mapping between the external IP address, port socket and the internal [[IP address]], port socket is often called a pinhole.
 
Pinholes can be created manually or programmatically. They can be temporary, created dynamically for a specific duration such as for a dynamic connection, or permanent, such as for [[SignallingSignaling (telecommunicationtelecommunications)|signaling]] functions.
 
Firewalls sometimes automatically close pinholes after a period of time (typically a few minutes) to minimize the security exposure. Applications that require a pinhole to be kept open often need to generate artificial traffic through the pinhole in order to cause the firewall to restart its timer.
Line 20 ⟶ 22:
* [[NAT Port Mapping Protocol]] (NAT-PMP)
* [[Internet Gateway Device Protocol]] (UPnP IGD)
 
==References==
{{Reflist}}
 
{{DEFAULTSORT:Firewall Pinhole}}
[[Category:Computer network security]]
 
 
{{compu-network-stub}}