Full Disclosure mailing list archives
Re: NAT router inbound network traffic subversion
From: Kristian Hermansen <khermansen () ht-technology com>
Date: Fri, 28 Jan 2005 10:37:02 -0500
I think the answers that I received in response to my query are somewhat obvious -- yes -- but neither answered my question! Morning Wood's analysis was brilliant as ever, like always ;-P

"atacker now can do a he wishes to the rest of your network ( GAME OVER )"

Ummm...okay. The problem with you was this statement:

"NAT client browses web..."

HOW IS THIS NOT USER INTERACTION?!?!? I asked if there is a computer on the internal network that doesn't do anything -- that means SENDING NO PACKETS to the router -- if an attacker can get EVEN ONE PACKET inside: then they will prove everyone wrong, right? If one packet can get through, it can be considered a rogue packet that should not have entered the internal network destined for a particular host -- or better yet -- an internal broadcast address going to all hosts.

Some say getting these rogue packets into the network is "impossible". That is the reason for my question. I like to think that most problems are "intractable", but not "impossible". Can anyone prove me wrong? Can someone push a rogue packet behind a router with no client interaction??? This is my chautauqua...

--
Kristian Hermansen <khermansen () ht-technology com>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NAT router inbound network traffic subversion Kristian Hermansen (Jan 28)
- Re: NAT router inbound network traffic subversion morning_wood (Jan 28)
- Re: NAT router inbound network traffic subversion Joe (Jan 28)
- Re: NAT router inbound network traffic subversion Darren Bounds (Jan 28)
- <Possible follow-ups>
- Re: NAT router inbound network traffic subversion Kristian Hermansen (Jan 28)
- Re: NAT router inbound network traffic subversion bart2k (Jan 28)
- Re: NAT router inbound network traffic subversion Bart . Lansing (Jan 28)
- RE: NAT router inbound network traffic subversion Mark Senior (Jan 28)
- Re: NAT router inbound network traffic subversion raize (Jan 28)