Penetrating NAT
From: Alu (
paket@shaw.ca)
Date: 01/20/02
From: Alu <paket@shaw.ca>
Date: Sat, 19 Jan 2002 23:16:47 GMT
A Slashdot post about a week ago claimed that it was fairly easy to
penetrate a NAT box by convincing it to translate addresses in the opposite
direction than originally intended. Does anyone know if this is true or
not, how it is done, and how to defend against it?
thanks
Relevant Pages
- Re: Penetrating NAT
... > penetrate a NAT box by convincing it to translate addresses in the opposite ...
(comp.os.linux.security) - Re: site2site ipsec with nat
... >connection to the 192.168.30.0 network needs to be translated first to ... that ACL is consistant with what you outlined. ... then translate it so that it has a 192.168.50/24 source ... nat with an access-list has a higher priority than nat without an ACL, ...
(comp.dcom.sys.cisco) - Re: [fw-wiz] NAT order help
... Is my rule for Static PAT right or i need to ... specify TCP/UDP ports to do a PAT? ... Is it possible to translate multiple ip's ... (identity nat), unless it is tcp traffic destined for 1.1.1.1 then it ...
(Firewall-Wizards) - Re: NAT Multicast question
... from address 172.24.2.34 but at the same time translate the unicast ... this sounds like a job for a policy nat. ... translated 172.24.2.34 to itself if an ACL was matched, ...
(comp.dcom.sys.cisco) - ip nat inside and outside at the same time.
... my goal is to do something like redirection. ... ip nat outside source static 192.168.200.1 192.168.250.1 ... What the rtrA is expected to do by me is to translate the destination address from 10.10.10.10 to 192.168.250.3 and at the same time to change source address from 192.168.200.1 in to 192.168.250.1. ... I reported an example with icmp protocol but it will ...
(comp.dcom.sys.cisco) |
|
