Re: Systems behind NAT - port scanning etc.
From: leemer (kcirelli@powernetworks.biz)
Date: 10/29/02
From: "leemer" <kcirelli@powernetworks.biz> Date: Tue, 29 Oct 2002 02:11:31 GMT
Ok...to actually answer your question [snicker]
The above battle of wits proves basically 1 thing....
If you statically NAT an internal addressed machine (and service/port) to an
external address....that service/port that can be reached externally, is
subject to having whatever vulnerabilities that may be inherent to that
particular service exploited. Get it? So if you're running an FTP server
inside.....and it's mapped statically to an external IP address, if that
version of FTP is vulnerable to some sort of remote attack, since you've
made it available to the outside world, you could see that box attacked.
Someone may be able to "root" your box if you are running a vulnerable
service...once they're in....well it gets even more complicated from there.
To access a currently established session and "inject" internally
addressed (spoofed) packets and have them actually get to where you want them
to go..(and have them come back to you at an external location) ..there's
this really tricky thing to guess called tcp sequence numbers. They are
almost impossible to guess. You gotta be pretty damn good to do that and be
successful. It takes a helluva lot of knowledge of tcp/ip and crafting
packets and a lot of complicated stuff to be successful. Chances are more to
the factor of NO that someone would even try. Try it for yourself and see
just how difficult it really is. One never knows.
The moral of the story...if you allow it to be accessed from the world...via
static 1-to-1 NAT...an internet user has a direct way in to potentially
exploit some running service. If not, you're a lot safer and less susceptible
to having someone directly accessing an internal machine from outside.
---
Everybody's an expert!
~«©¿©»~

"craig" <craig.athome@virgin.net> wrote in message
news:26ca3cec.0210281153.4817edca@posting.google.com...
> Hi folks,
>
> sorry if this isn't the correct ng for NAT questions, had a look
> around and it seemed the best option.
>
> Anyway, I was wondering, if you have a small network of privately
> addressed systems accessing the internet via a NAT server, is it
> possible to port scan or attempt to enumerate the privately addressed
> systems?
>
> i.e. if you could establish the IP of the NAT server and a currently
> assigned translated port number, will the NAT server pass traffic
> through other than return traffic from this outbound connection?
>
> I can't see how this would be useful to an attacker for dynamic
> translations, but it's just something I wondered about.
>
> TIA,
>
> Craig
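
Added example, not part of the original posts: a toy model of the NAT behaviour discussed in this thread, showing that a dynamic translation passes only return traffic from the original peer while a static mapping forwards traffic from any source. It assumes address- and port-dependent filtering (real NAT devices vary in how strictly they match the remote endpoint); the `Nat` class, its methods and all addresses are constructed for illustration.

```python
# Added illustration (not from the thread): a toy NAT gateway.
# All addresses are constructed (private / documentation ranges).
from dataclasses import dataclass, field

@dataclass
class Nat:
    public_ip: str
    # (proto, ext_port) -> (int_ip, int_port)
    static: dict = field(default_factory=dict)
    # (proto, ext_port) -> (int_ip, int_port, remote_ip, remote_port)
    dynamic: dict = field(default_factory=dict)
    next_port: int = 40000

    def add_static(self, proto, ext_port, int_ip, int_port):
        self.static[(proto, ext_port)] = (int_ip, int_port)

    def outbound(self, proto, int_ip, int_port, remote_ip, remote_port):
        """Inside host opens a connection; allocate a translated port."""
        ext_port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, ext_port)] = (int_ip, int_port, remote_ip, remote_port)
        return ext_port

    def inbound(self, proto, src_ip, src_port, ext_port):
        """Return the internal (ip, port) a packet is forwarded to, or None if dropped."""
        key = (proto, ext_port)
        if key in self.static:
            # Static mapping: any source on the internet reaches the service.
            return self.static[key]
        entry = self.dynamic.get(key)
        if entry and entry[2:] == (src_ip, src_port):
            # Dynamic mapping: only return traffic from the original peer.
            return entry[:2]
        return None

def demo():
    nat = Nat("203.0.113.10")
    nat.add_static("tcp", 21, "192.168.1.5", 21)   # statically published FTP
    port = nat.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 80)
    return {
        "reply_from_peer": nat.inbound("tcp", "198.51.100.7", 80, port),
        "other_host_same_port": nat.inbound("tcp", "192.0.2.99", 80, port),
        "scan_unmapped_port": nat.inbound("tcp", "192.0.2.99", 4444, 22),
        "anyone_to_static_ftp": nat.inbound("tcp", "192.0.2.99", 4444, 21),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```

Only the peer's reply and the statically mapped FTP port are forwarded inside; the statically published service is the one whose patch level matters.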