RE: Private addresses on public network

From: Art Tarsha (atarsha@totality.com)
Date: 07/31/02


From: Art Tarsha <atarsha@totality.com>
To: 'Octavio / Super ' <alvarezp@doogie.ods.org>, "'security-basics@securityfocus.com '" <security-basics@securityfocus.com>
Date: Tue, 30 Jul 2002 21:29:19 -0700

You can do port forwarding on your border router if you have the proper
feature set (assuming Cisco). If you were to forward port 80, all connections
made to the external interface of the "Router" or "Virtual IP (which would
have to be a public IP in your range)" destined for port 80 would forward
the packet into your internal RFC1918 address (10.x.x.x, 172.16.x.x,
192.168.x.x). This does expose any vulnerability that may exist for your
webserver in this situation, however not all the vulnerabilities that could
exist on the entire system since you are only forwarding port 80, and not
the rest of the ports available on the system. The same goes for whatever
other ports you wish to forward.

-Art

-----Original Message-----
From: Octavio / Super
To: security-basics@securityfocus.com
Sent: 7/29/2002 11:08 AM
Subject: Private addresses on public network

Hello, everybody!

Let's say I have a network, whose computers are connected directly to
the Internet (meaning that when they have a public IP address, they can
connect to any place, with no firewall or NAT in between (only the
corresponding router)).

Now, let's say that I set some (or all, whatever) of those computers to
have an IP address which does not correspond to my block, (either
standard private addresses (e.g. 192.168.x.x) or any other non-standard
IP address (e.g. 92.0.x.x which must belong to somebody)).

Q: Is there any way of connecting to them from an external network? I
mean, are they exposed to any security threat as if they were configured
with their [normal] public IP address?

Thanks.

Octavio.

---
Visit http://doogie.ods.org/ (Revised: 2002.01.04)
/***************************************************
Octavio Alvarez (aka: Super, Doogie)
ICQ# 42020731. MSN_ID: alvarezp2000@h0tmail.com
***************************************************/
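
The port forward described in Art's reply above, sketched as Cisco IOS configuration. This is an added example and not part of the original thread; the interface names, the ACL number and every address (10.0.0.10 for the internal web server, 203.0.113.0/24 standing in for the public range) are constructed for illustration.

```cisco
! Outside interface: faces the Internet and holds an address from the public block.
interface FastEthernet0/0
 description outside (constructed example)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group 110 in
!
! Inside interface: the RFC 1918 network where the web server lives.
interface FastEthernet0/1
 description inside (constructed example)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Static port translation: only TCP/80 sent to the public "virtual IP"
! 203.0.113.10 is rewritten to the internal server 10.0.0.10:80.
! No other port on 10.0.0.10 gets a translation, so no other service
! on that host is reachable through this rule.
ip nat inside source static tcp 10.0.0.10 80 203.0.113.10 80
!
! The inbound ACL on the outside interface is evaluated before the NAT
! rewrite, so it matches the public address, not 10.0.0.10.
! It is deliberately minimal: return traffic for connections initiated
! from the inside is not covered and would need its own entries.
access-list 110 permit tcp any host 203.0.113.10 eq 80
access-list 110 deny ip any any log
!
! Checks after applying:
!   show ip nat translations   (expect a single static tcp entry for port 80)
!   show access-lists 110      (hit counters show what was permitted or dropped)
```

What remains exposed is whatever listens on 10.0.0.10:80, which is the exposure the reply describes; each further `ip nat inside source static` line widens it by one port.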


