Penetration Testing mailing list archives

Re: testing for IP address space leakage in NAT systems


From: R P G <inittab () jtan com>
Date: Mon, 21 Jan 2002 14:31:13 -0500 (EST)

On Mon, 21 Jan 2002, Vladimir Parkhaev wrote:

> Quoting R P G (inittab () jtan com):
>> I was wondering if anyone knows of a method to test a NAT system for
>> address space leakage.
>>
>> Thanks.
>>
>> --Bob
>
> I would recommend going up to the application layer.
> You will be surprised how much the headers of a bounced
> email message will tell you.

Yes, very true.  I don't know of any NAT system that'll keep application-
level info sanitized.  What I am most concerned about is how well a NAT
system does at keeping RFC1918 IP info from leaking at the network level.
Oftentimes servers are running in private address space and their
services are redirected through a NAT.  On many occasions my firewall has
caught instances of leakage from these types of NATed systems.  The only
way I can think of detecting this is to set up a tcpdump session on the
outside, very close to the NAT, looking for leaking RFC1918 IPs.
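
The outside-the-NAT capture check described in this message, as an added example that is not part of the original post: it reads a classic pcap file of the kind `tcpdump -w` writes and reports IPv4 frames whose source or destination is still in RFC1918 space. The interface name, file name, function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Capture on the outside interface first (interface and file name are assumptions):
#   tcpdump -n -i eth0 -w outside.pcap 'net 10.0.0.0/8 or net 172.16.0.0/12 or net 192.168.0.0/16'
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    return any(addr in net for net in RFC1918)

def find_leaks(pcap):
    """Return [(frame_no, field, src, dst)] for IPv4 frames carrying RFC1918 addresses."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    leaks, off, frame_no = [], 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        frame_no += 1
        # Need Ethernet (14 bytes) + minimal IPv4 header (20); skip non-IPv4 or truncated frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src, dst = (ipaddress.IPv4Address(frame[o:o + 4]) for o in (26, 30))
        for field, addr in (("src", src), ("dst", dst)):
            if is_private(addr):
                leaks.append((frame_no, field, str(src), str(dst)))
    return leaks

def _frame(src, dst):
    # Constructed sample frame: Ethernet header + bare IPv4 header, no payload.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture as seen on the outside of the NAT (documentation addresses).
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame("198.51.100.10", "203.0.113.7")   # translated correctly
          + _frame("192.168.1.20", "203.0.113.7")    # untranslated source leaked out
          + _frame("203.0.113.7", "172.16.5.9"))     # packet addressed to private space

for leak in find_leaks(SAMPLE):
    print(leak)
```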




