1) You are really going to argue that you can make a firewall 100% unhackable, 100% sercure?
Seriously?
You have to understand how these things work...
Before you are going to gain access to anything you have to be able to connect to a PORT on the firewall. A Port is merely a software contrivance consisting of a channel number inside a TCP/IP packet. Now... even if you do manage to connect to a port, you've accomplished nothing unless there is something LISTENING to that port. Listening simply means repeatedly checking the buffers for a port to see if there's anything there. Even then you still have to pass commands "Send File", "Format C:" whatever, that the listener (or client) knows how to execute. This by itself is extremely secure...
TCP connects are not simple processes either. There is an entire protocal defined for connecting to a port. Get it wrong and it won't connect. Opening a port in Winsock networking (as defined in the Windows Software Development Kit) is a process of about 15 to 20 software steps involving half a dozen procedure calls. Connecting to that port is almost as complex again. Merely knowing someone's IP address gets you nothing... You can't simply stuff commands into their address and watch their system melt no matter how hard you try.
Now add in a Firewall that basically takes packets from the WAN side and drops them unless a listener is holding the target port open and you've got a pretty much impenitrable barrier. Opening a port on a router's firewall is a whole protocal of it's own as well... I can set up a listener on my computer, opening as many ports as I want to and the router is happy to simply ignore them unless I complete a set of commands sent to --and here we go-- a specific port on the router's admin IP, following it's own listener's protocals for opening an outide port for incomming connections...
The net result of this is that when correctly set up your attempts to bypass the firewall will simply result in whatever packets you send to that IP address disappearing into thin air. No connection, no entry... no listener, no entry... no protocal, no entry... and on and on.
In fact, as I commented earlier most hacking is opportunistic. Some "just smart enough to be dangerous" IT guy leaves a system admin port open AND the router is not protecting it AND you happen to know the protocals... MAYBE you could get inside and try some telnet...
Really, I kid you not... This TV show stuff where some guy gets into a computer in 20 seconds or less, wrecks havoc on it and then leaves no trace... it simply that... TV show stuff. In real life it's as simple as "If you can't connect to it, you are crap out of luck."
