Re: attack on a computer behind a nat.



Shreyas Zare wrote:
Hi,

Thats precisely Simple Traversal of UDP through NAT (STUN) protocol. I
believe that only UDP can be exploited with some success and TCP will
be almost impossible unless you compromise the NAT box itself.

Pretty much, yes.
Normally, an outbound tcp will be just that - a port opened at random by
a program to perform an outbound (originating) tcp handshake and
conversation; it won't be expecting to receive an inbound tcp handshake
on that port, and usually will just drop packets of that type.
udp ports are much more likely to accept random packets from places they
aren't expecting them to come from.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



Relevant Pages

  • NFS problem with recent 2.6 kernels (also serial console weirdness)
    ... 100000 2 tcp 111 portmapper ... 100000 2 udp 111 portmapper ... mounted filesystem with ordered data mode. ... Mounted root (ext3 filesystem) readonly. ...
    (Linux-Kernel)
  • Re: Open port PIX 501
    ... :i can't open the port in my PIX. ... :I need open the port 1000 to point to the IP 10.254.254.222. ... in practice only DNS servers doing zone transfers need tcp. ... of UDP, it would be a highly unusual client which did not stick ...
    (comp.dcom.sys.cisco)
  • Re: UDP question
    ... Re: UDP question.eml ... >>> Most modern services utilise TCP, ... The only open port should be the port I use for Open VPN, ...
    (Security-Basics)
  • Re: Re[5]: Assymetric NIC performance problem
    ... I've got a FreeBSD file server running Samba, file upload speeds are okay, ... Client connecting to 192.168.0.1, TCP port 5001 ... Sorry, I didn't know that UDP bandwidth must be specified manually, ...
    (freebsd-net)
  • RE: DNS Records
    ... tcp>1023 53 Client queries with long replies ... On other client types, ... if you lock down all but port ... a client queries an initial server from an unreserved port number to UDP ...
    (Security-Basics)