Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Learn from history?

From: "Serge van Ginderachter (svgn)" <svgn () orbid be>
Date: Thu, 6 May 2004 21:54:54 +0200


From: Andrew Simmons 

do you have any idea how much small businesses have just a 

NAT router

instead of a real firewall?


in what way is a nat box *not* a stateful firewall?


First, I don't believe I said they weren't. Depends on which 'box' we're
talking. Some simple SMC or USRobotics router vs. e.g. IPCop etc.

Secondly, that was not the problem I was referring to. The problem with what
I understood by a NAT box, is the fact they generally do not allow outbound
filtering, meaning a hacker who made a first step inside, has all ports open
to backfire command shell, download some hack tools etc.

Simple example: a cracker sends you a mail with an url you should click. The
url is not 'http://server/&apos; but \\server\share, which you might not notice.
With such a simple trick he can have a netbios session and read out a whole
lot of information about your system. Now with outbound filtering that could
be stopped. Which is definitely not possible with a simple NAT box.

Everyone know NETBIOS must be blocked incoming. Now I hope you understand
why it should be blocked outgoing also.


Serge

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: