Hacker 'Handshake' Hole Found In Common Firewalls
"If the firewall thinks you're inside, the security policy it applies to you is an internal one, and you can run a scan to see where machines are," says Rick Moy, president of NSS Labs. An attacker can then pretty much run wild in the network because the firewall mistakenly considers the IP address as a trusted one coming from behind the firewall.
The link for this article located at Network World is no longer available.