RE: NAT/PAT (Hide NAT) Vulnerabilities?
From: CHRIS GRABENSTEIN (LFGRABC@lf.vccs.edu)Date: 11/29/01
- Previous message: Nate.Duzenberry@mortgage.wellsFargo.COM: "RE: Spoofing question?"
- Next in thread: leon: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: leon: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: Reaves, Timothy CECOM RDEC STCD JANUS: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: Seamus Hartmann: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: LAI Chee Wai: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: Paul Leroy: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <sc0648f4.006@lf.vccs.edu> Date: Thu, 29 Nov 2001 14:29:57 -0500 From: "CHRIS GRABENSTEIN" <LFGRABC@lf.vccs.edu> To: <security-basics@securityfocus.com> Subject: RE: NAT/PAT (Hide NAT) Vulnerabilities?
Preventing incoming connections will do a lot to improve your security,
but by no means is it a total security solution. An attacker could use
a web scripting vulnerability or email trojan to fool your internal
machine into establishing a connection with him. There are other ways
through, but I'm no security expert. We need to take a multi-layered
approach to network security. There's always a way in, we just need to
make it so hard that it's not worth the attacker's time.
-----Original Message-----
From: Dee Harrod <dee_harrod@yahoo.com>
Sent: Tuesday, November 27, 2001 3:14 PM
To: SecurityBasics <security-basics@securityfocus.com>
Subject: NAT/PAT (Hide NAT) Vulnerabilities?
This strikes me as somewhat of a bonehead question,
but it's something that's bothered me for awhile:
Let's say I have DSL at home. Let's also say that I
have a single public IP address, but my internal LAN
uses private addressing. The DSL router performs some
sort of NAT or PAT (probably PAT here). All my
internal machines can reach the Internet through the
DSL router, but when they come out, the source address
is changed to the public address. The ports are
managed by the router, so that it knows who's talking
to whom, and can thus properly direct returning
traffic.
Since someone from the outside accessing the router
itself would be a bad idea, say I'm blocking that.
Let's say it's managed by http, and I have a filter
rule that prohibits anything but my private network
from reaching port 80.
Now, for all intents and purposes, how vulnerable is
my internal network?
You can't start a connection with an internal system
because you can't reach its IP address. Even if you
did manage to hijack a session, of how much value
would it really be?
So it seems to me that if you use NAT/PAT, you don't
need a real firewall unless you're actually permitting
some kind of traffic to connect to something from the
outside.
Is that right?
Dee
__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1
- Previous message: Nate.Duzenberry@mortgage.wellsFargo.COM: "RE: Spoofing question?"
- Next in thread: leon: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: leon: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: Reaves, Timothy CECOM RDEC STCD JANUS: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: Seamus Hartmann: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: LAI Chee Wai: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Reply: Paul Leroy: "RE: NAT/PAT (Hide NAT) Vulnerabilities?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
