Re: NAT external/Public IP



On 2007-10-30 Grant Donald wrote:
> With PAT private IP addresses are hidden from the outside world. This
> basically makes the job of hacking into a system more difficult,
> because the original host's IP address and source port are unknown.

This is mere obscurity. It doesn't make a host any more or less secure
than it already is. Like I said before: either a host is secure, then it
doesn't matter if an attacker knows the address, or it isn't secure,
then your "security" is based on the hope that an attacker won't
discover the host.

> Depending on firewall capabilities (or lack of capabilities) ports may
> need to be opened inbound for certain applications to work (e.g.
> ident & pptp). A horizontal scan of such a network could produce a
> wealth of knowledge, if that network does not support port address
> translation.

Ummm... wot? Why would you want to allow any inbound connections into
your LAN? And how would an attacker be able to scan your network from
the outside? For some obscure reason you seem to assume that using
public IP addresses in your LAN means that the firewall at the perimeter
magically allows access from WAN to LAN. This assumption is wrong.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
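
Added illustration, not part of the original post: a minimal model of a stateful perimeter filter that does no address translation, showing that the forwarding policy alone decides what reaches a LAN numbered with routable addresses. The class and function names and the documentation-range addresses are assumptions constructed for this example.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample: a documentation range standing in for routable LAN addresses.
LAN = ipaddress.ip_network("198.51.100.0/24")

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFilter:
    """Perimeter forward filter: no NAT/PAT, default-deny from WAN to LAN."""

    def __init__(self, lan):
        self.lan = lan
        self.flows = set()  # connection-tracking table of flows opened from the LAN

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.lan

    def forward(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self._inside(p.src) and not self._inside(p.dst):
            self.flows.add(key)  # outbound: accepted and remembered
            return "ACCEPT"
        if self._inside(p.dst) and not self._inside(p.src):
            # inbound: only replies to a tracked outbound flow pass
            return "ACCEPT" if reply_of in self.flows else "DROP"
        return "DROP"  # traffic that does not cross the perimeter is not forwarded

def reachable_from_outside(fw, outside, port):
    """Count LAN addresses that accept an unsolicited inbound probe on one port."""
    return sum(
        fw.forward(Packet(outside, 40000, str(host), port)) == "ACCEPT"
        for host in fw.lan.hosts()
    )

if __name__ == "__main__":
    fw = StatefulFilter(LAN)
    print("hosts reachable unsolicited:", reachable_from_outside(fw, "203.0.113.7", 22))
    print("outbound:", fw.forward(Packet("198.51.100.10", 51000, "203.0.113.7", 443)))
    print("reply:", fw.forward(Packet("203.0.113.7", 443, "198.51.100.10", 51000)))
```

The outside host knows every LAN address in this model, yet the result depends only on the filter's state table and default policy.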


