I just thought of a way to potentially subvert a firewall using appletalk.
I'm going to have to review the Appletalk situation here... :-(
1. Find a poorly configured Mac which allows file-sharing to its
2. Write an ethernet-sniffing INIT and drop it into the System Folder.
3. Wait for the Mac to be rebooted and collect the traffic.
4. Read the results, and hope that some useful info is there.
I'm not saying the above is easy, but I think the theory looks right.