Penetration Testing mailing list archives

Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions

From: Dug Song <dugsong () MONKEY ORG>
Date: Wed, 27 Sep 2000 15:22:45 -0400

On Wed, 27 Sep 2000, Leon Rosenstein wrote:

Is there anyway to circumvent this firewall (or any firewalls that employ
NAT and SPI as there primary defense mechanisms?)


sure, see our recent analysis of Check Point FireWall-1:

        http://www.dataprotect.com/bh2000/

other stateful inspection firewalls (like Cisco PIX) or firewalls with VPN
support probably have similar problems. we just didn't have access to any
others for testing...

-d.

---
http://www.monkey.org/~dugsong/

Current thread:

[PEN-TEST] NAT / Stateful Packet Inspection Questions Leon Rosenstein (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Jose Nazario (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions David Pick (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Deri Jones (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Andre Delafontaine (Sep 27)
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Dug Song (Sep 27)
- <Possible follow-ups>
- Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Loschiavo, Dave (Sep 29)
  - Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions Fred Mobach (Sep 29)