Re: Systems behind NAT - port scanning etc.

From:
Date: 10/28/02

• Next message: : "Re: Systems behind NAT - port scanning etc."
• Previous message: Anonymous: "Re: ZoneAlarm v3.1.395"
• In reply to: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
• Next in thread: : "Re: Systems behind NAT - port scanning etc."
• Reply: : "Re: Systems behind NAT - port scanning etc."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 28 Oct 2002 21:59:15 GMT

Agreed.

That's the point I was making about router or firewall (whichever is
handling the NAT allocations) re-direction or mapping. It still potentially
leaves an internal host open. However, if there are no configured mappings,
then the machine is relatively safe from a direct penetration..

J.D.

--
Network Tiger Teams
"Because You Just Never Know Who's Sniffing Around In Your Information
Jungle"
www.networktiger.com
"Melinda Shore" <shore@panix.com> wrote in message
news:apkbds$6h3$1@panix2.panix.com...
> In article <Zdiv9.152766$La5.500001@rwcrnsc52.ops.asp.att.net>,
> Network Tiger Teams <information@networktiger.com> wrote:
> >If the internal (NAT'd) machine has no services or ports exposed to the
> >outside via router or firewall redirection, then no, it cannot be "seen"
by
> >any outside scanning or penetration attempts..
>
> It depends on the NAT type.  Hosts behind a full cone NAT
> are going to be vulnerable if any mappings, transient or
> not, are installed in the NAT.  Restricted cone NATs are
> safer and symmetric NATs are the safest, but restricted cone
> NATs are increasingly rare.  A NAT is no substitute for a
> firewall and proper application security.
> --
>      Melinda Shore - Software longa, hardware brevis - shore@panix.com
>           If you send me harassing email, I'll probably post it

---

• Next message: : "Re: Systems behind NAT - port scanning etc."
• Previous message: Anonymous: "Re: ZoneAlarm v3.1.395"
• In reply to: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
• Next in thread: : "Re: Systems behind NAT - port scanning etc."
• Reply: : "Re: Systems behind NAT - port scanning etc."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: New modem and iptables... ... The router performs firewall and NAT functions ... If you want to persuade me it's a modem, ... it's a router and _it_ has your public Internet address. ... It also does NAT (otherwise you couldn't have a private IP address on ... (Fedora) Re: Would a firewall prevent Sasser worm? ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ... (comp.security.misc) Re: Would a firewall prevent Sasser worm? ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ... (comp.security.firewalls) Re: Would a firewall prevent Sasser worm? ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ... (alt.computer.security) Re: IP Addressing ... Address of the ISA server? ... firewall and router). ... On the firewall create a static NAT entry as I wrote ... (comp.dcom.sys.cisco)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)