Full Disclosure mailing list archives
Re: NAT router inbound network traffic subversion
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Fri, 28 Jan 2005 03:32:20 -0800
scenario... NAT client browses web... NAT client initates a HTTP request to do this... ROUTER returns the request to NAT client... ( normal activity ) attacker website exploits client browser... exploit drops and executes "badfile.exe" "badfile.exe" hooks iexplore.exe... "badfile.exe" is 'reverse connecting trojan'... "badfile.exe" initiates a HTTP request to do this... attacker's "badfile.exe"' 'client' is waiting with a HTTP server... the new hooked browser initiates a HTTP request to the attacker. NAT client is now connected to the attacker through the ROUTER ( kinda like browsing the web huh? ) attacker now has unrestricted packet via the NAT client, that is where ??? BEHIND YOUR ROUTER atacker now can do a he wishes to the rest of your network ( GAME OVER ) Cheers, m.w _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NAT router inbound network traffic subversion Kristian Hermansen (Jan 28)
- Re: NAT router inbound network traffic subversion morning_wood (Jan 28)
- Re: NAT router inbound network traffic subversion Joe (Jan 28)
- Re: NAT router inbound network traffic subversion Darren Bounds (Jan 28)
- <Possible follow-ups>
- Re: NAT router inbound network traffic subversion Kristian Hermansen (Jan 28)
- Re: NAT router inbound network traffic subversion bart2k (Jan 28)
- Re: NAT router inbound network traffic subversion Bart . Lansing (Jan 28)
- RE: NAT router inbound network traffic subversion Mark Senior (Jan 28)
- Re: NAT router inbound network traffic subversion raize (Jan 28)