Re: testing for IP address space leakage in NAT systems

From: Iván Arce (core.lists.pentest@core-sdi.com)
Date: 01/22/02


From: Iván Arce <core.lists.pentest@core-sdi.com>
To: <pen-test@securityfocus.com>
Date: Mon, 21 Jan 2002 20:44:54 -0300

Hi,
 this is just an idea, I haven't had time to actually test it, so...

I would try using IP fragmentation or TCP reassembly tricks with protocols
that require payload rewriting at the NAT device. An example of this would be
FTP control messages.
It proved useful to open holes thru packet filtering firewalls with
stateful inspection so it might as well work for obtaining internal
addresses.

Pointers to related stuff:
http://www.securityfocus.com/bid/1045

Cool stuff presented by Thomas Lopatic, John McDonald and Dug Song
at BlackHat Briefings LV 2000:
http://www.blackhat.com/presentations/bh-usa-00/Song-McDonald-Lopatic/Song_McDonald_lopatic.ppt

FW-1
http://www.securityfocus.com/bid/1054
PIX
http://www.securityfocus.com/bid/1877
http://www.securityfocus.com/bid/1698

then again a simple email would be equally useful

-ivan

---

"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house. Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

Ivan Arce CTO CORE SECURITY TECHNOLOGIES

44 Wall Street - New York, NY 10005 Ph: (212) 461-2345 Fax: (212) 461-2346 http://www.corest.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A

----- Original Message -----
From: R P G <core.lists.pentest@core-sdi.com>
Newsgroups: core.lists.pentest
To: <pen-test@securityfocus.com>
Sent: Monday, January 21, 2002 2:02 PM
Subject: testing for IP address space leakage in NAT systems

> I was wondering if anyone knows of a method to test a NAT system for
> address space leakage.
>
> Thanks.
>
> --Bob
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

--- for a personal reply use: Iván Arce <ivan.arce@corest.com>
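
One way to check a capture taken on the external side of a NAT for the leak discussed in this thread (an added example, not part of the original post): it looks for RFC 1918 addresses in FTP control messages, both segment by segment and after stream reassembly, since a command split across segments is only visible in the reassembled view. The function names, the `(relative_seq, payload)` input format and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 and "227 ... (h1,h2,h3,h4,p1,p2)" embed an IPv4 endpoint.
HOSTPORT = re.compile(rb"(?mi)^(?:PORT\s+|227\s[^\r\n]*?\()" + rb",".join([rb"(\d{1,3})"] * 6))
# EPRT |1|a.b.c.d|port| (RFC 2428, IPv4 form with the usual '|' delimiter).
EPRT = re.compile(rb"(?mi)^EPRT\s+\|1\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d{1,5})\|")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True when addr parses as an IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. an octet above 255
        return False
    return any(ip in net for net in RFC1918)

def leaked_endpoints(payload):
    """Return (address, port) pairs in FTP control data whose address is RFC 1918."""
    found = []
    for m in HOSTPORT.finditer(payload):
        h = [int(x) for x in m.groups()]
        found.append((".".join(str(v) for v in h[:4]), h[4] * 256 + h[5]))
    for m in EPRT.finditer(payload):
        found.append((m.group(1).decode(), int(m.group(2))))
    return [(addr, port) for addr, port in found if is_internal(addr)]

def reassemble(segments):
    """Rebuild one direction of a stream from (relative_seq, payload) pairs.
    Assumes no gaps; overlapping bytes keep the first copy (real stacks differ here)."""
    stream = bytearray()
    for seq, data in sorted(segments):
        if seq < len(stream):
            data = data[len(stream) - seq:]   # drop bytes already covered
        stream += data
    return bytes(stream)

def audit(segments):
    """Compare what a per-segment inspector sees with what the endpoint receives."""
    per_segment = [hit for _, data in segments for hit in leaked_endpoints(data)]
    return per_segment, leaked_endpoints(reassemble(segments))

# Constructed sample: client-to-server control traffic as seen outside the NAT.
SAMPLE = [(0, b"USER anonymous\r\n"), (16, b"PORT 203,0,113,7,4,1\r\n"),
          (38, b"PORT 192,16"), (49, b"8,1,50,19,137\r\n")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty per-segment list next to a non-empty reassembled list means an internal address crossed the device without being rewritten and would also be missed by any monitor that inspects packets one at a time.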
