Re: attack on a computer behind a nat.



Most of the replies to this thread focused on forging of packets and so on.

If what you want is to attack a computer behind NAT, then I suggest that you look at how real attackers do it. Many home networks or small businesses are behind NAT yet they still have plenty of security incidents, and the attackers almost never (to my knowledge) forge packets in order to gain access. Instead they either bounce off an internet facing service (as someone else mentioned) - like some remote access service, or hack the client.

Client-side attacks are the most effective way of breaking through, and is what is being done in order to break into such networks. Therefore, I suggest that you take this approach if it is possible. Of course it always depends on the scope of your penetration test.

Hope this helps

Sandro Gauci
http://enablesecurity.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------