Re: Network Address Translation insecurities

From: Chris Berry (compjma@hotmail.com)
Date: 09/25/02


From: "Chris Berry" <compjma@hotmail.com>
To: security-basics@securityfocus.com
Date: Wed, 25 Sep 2002 14:28:18 -0700

That is totally incorrect. Although it might make it marginally harder for
amateurs, the attacker can bypass NAT by specifying the route for the packet
to take. This is called source routing. Now, if you were to drop
source-routed packets at the firewall, then I'm not sure what they could do;
perhaps someone else could chime in with a comment on that?

>From: "Schuler, Jeff" <Jeff.Schuler@hit.cendant.com>
>To: security-basics@securityfocus.com
>Subject: Network Address Translation insecurities
>Date: Wed, 25 Sep 2002 10:17:04 -0700
>
>I am looking for information regarding the insecurities and vulnerabilities
>that exist in Network Address Translation. One of our admins feels that
>because everything is NAT'd that there is no way anyone can break into the
>systems that are NAT'd. I know that this is not a completely accurate
>statement but need to find some research and documentation regarding this.
>All our systems are behind at least one firewall so please don't advise me
>to install a firewall as extra security as they are already there. I just
>want to make sure that we are not overlooking serious vulnerabilities just
>because the box is behind a NAT. In order to justify doing vulnerability
>testing on some of our internal systems I need to demonstrate the
>insecurities in NAT.
>
>Thanks in advance
>
>Jeff Schuler

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."
