Penetration Testing mailing list archives
Re: testing for IP address space leakage in NAT systems
From: Iván Arce <core.lists.pentest () core-sdi com>
Date: Mon, 21 Jan 2002 20:44:54 -0300
Hi,

this is just an idea, I haven't had time to actually test it, so...

I would try using IP fragmentation or TCP reassembly tricks with protocols that require payload rewriting at the NAT device. An example of this would be FTP control messages. It proved useful to open holes thru packet filtering firewalls with stateful inspection, so it might as well work for obtaining internal addresses.

Pointers to related stuff:
http://www.securityfocus.com/bid/1045

Cool stuff presented by Tomas Lopatic, John MacDonald and Dug Song at BlackHat Briefings LV 2000:
http://www.blackhat.com/presentations/bh-usa-00/Song-McDonald-Lopatic/Song_McDonald_lopatic.ppt

FW-1 http://www.securityfocus.com/bid/1054
PIX http://www.securityfocus.com/bid/1877 http://www.securityfocus.com/bid/1698

Then again, a simple email would be equally useful.

-ivan

---
"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house. Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
44 Wall Street - New York, NY 10005
Ph: (212) 461-2345
Fax: (212) 461-2346
http://www.corest.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A

----- Original Message -----
From: R P G <core.lists.pentest () core-sdi com>
Newsgroups: core.lists.pentest
To: <pen-test () securityfocus com>
Sent: Monday, January 21, 2002 2:02 PM
Subject: testing for IP address space leakage in NAT systems

I was wondering if anyone knows of a method to test a NAT system for address space leakage.

Thanks.
--Bob

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
--- for a personal reply use: Iván Arce <ivan.arce () corest com>
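As an added example (not part of the original post or the thread), here is one way a NAT owner could audit for the leakage discussed above: scan FTP control lines captured on the public side of the device for data-endpoint commands that still carry an RFC 1918 address. The function names and the sample capture are constructed for illustration, and the check assumes the capture point sits after translation.

```python
import ipaddress
import re

# RFC 1918 ranges: these should never appear in traffic seen outside the NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# PORT h1,h2,h3,h4,p1,p2 and "227 ... (h1,h2,h3,h4,p1,p2)" share one tuple form (RFC 959).
TUPLE = re.compile(r"^(PORT|227)\b.*?" + ",".join([r"(\d{1,3})"] * 6))
# EPRT <d>1<d>addr<d>port<d> (RFC 2428); only the IPv4 family is handled here.
EPRT = re.compile(r"^EPRT\s+(.)1\1([0-9.]+)\1(\d+)\1")

def parse_endpoint(line):
    """Return (verb, ip, port) for a control line naming a data endpoint, else None."""
    line = line.strip()
    try:
        m = TUPLE.match(line)
        if m:
            h = [int(x) for x in m.groups()[1:]]
            if max(h) > 255:          # every field is a single byte
                return None
            ip = ipaddress.IPv4Address(".".join(map(str, h[:4])))
            return m.group(1), ip, h[4] * 256 + h[5]
        m = EPRT.match(line)
        if m:
            return "EPRT", ipaddress.IPv4Address(m.group(2)), int(m.group(3))
    except ValueError:                # malformed address text
        return None
    return None

def find_leaks(lines):
    """List (line_no, verb, ip, port) where a private address survived translation."""
    leaks = []
    for n, line in enumerate(lines, 1):
        ep = parse_endpoint(line)
        if ep and any(ep[1] in net for net in RFC1918):
            leaks.append((n, *ep))
    return leaks

# Constructed sample: control lines as seen on the public side of a NAT device.
SAMPLE = [
    "USER anonymous",
    "PORT 203,0,113,7,19,137",                      # rewritten correctly
    "PORT 192,168,10,25,4,210",                     # internal address not rewritten
    "227 Entering Passive Mode (10,1,2,3,200,10)",  # server behind the NAT
    "EPRT |1|172.20.5.9|50000|",
    "PORT 172,32,0,1,0,21",                         # outside 172.16.0.0/12
]
```

Any hit means the device forwarded a control message without translating its payload, which is the condition a NAT owner wants to rule out before relying on the device to hide internal addressing.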