Penetration Testing mailing list archives
Re: bypassing firewalls with NAT
From: crazy frog crazy frog <i.m.crazy.frog () gmail com>
Date: Tue, 18 Oct 2005 04:10:16 +0530
Chris, can you give more info on firewall bypassing?

Regards,

On 10/16/05, Chris Brenton <cbrenton () chrisbrenton org> wrote:
> On Sat, 2005-10-15 at 09:38 +0100, hannibal blog wrote:
> > I'm wondering how can we pass through a firewall that is using Network
> > Address Translation for the internal network?
>
> Spend some time reading up on loose source routing (LSR). I've found
> that some of the cheap/home NAT based firewalls I've tested (about half
> in a study I did 3 years ago) can be traversed by bouncing LSR packets
> off of them.
>
> High end firewalls are pretty safe, but some still have issues. For
> example I *think* it was Netscreen firewall I ran into problems with
> during a pen test. LSR packets trying to bounce off the firewall were
> correctly dropped, but LSR packets attempting to bounce off of an
> internal host were permitted through. This let me LSR TCP/80 packets off
> of an internal Web server and redirect them to TCP/80 used to manage an
> internal switch.
>
> > Is firewalk still useful in this case ?
>
> Not really. Firewalk needs access to the final IP in order to produce
> accurate data. Of course that begs the question, "Can you firewalk LSR
> packets?". hummm..... ;-)
>
> HTH,
> Chris
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
--
ting ding ting ding ting ding ting ding ting ding ding i m crazy frog :)
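Added example, not part of the original thread: a defender-side check that parses the options area of an IPv4 header and reports any loose or strict source-route option (types 131 and 137 in RFC 791), the kind of packet a perimeter or internal filter should drop. The helper names, the `build_header` test builder and the addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

# IPv4 option type bytes from RFC 791: loose and strict source routing.
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}

def build_header(options=b"", src="192.0.2.10", dst="198.51.100.20"):
    """Build a constructed IPv4 header for testing (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)      # pad with End-of-List bytes
    ihl = 5 + len(options) // 4                   # header length in 32-bit words
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options

def source_route_options(packet):
    """Return [(name, pointer, [hop addresses])] for each source-route option."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i, found = packet[20:ihl], 0, []
    while i < len(opts):
        otype = opts[i]
        if otype == 0:                            # End of Option List
            break
        if otype == 1:                            # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        olen = opts[i + 1]
        min_len = 3 if otype in SOURCE_ROUTE_OPTS else 2
        if olen < min_len or i + olen > len(opts):
            raise ValueError("malformed option length")
        if otype in SOURCE_ROUTE_OPTS:
            pointer = opts[i + 2]                 # offset of the next hop to use
            data = opts[i + 3:i + olen]           # route data: 4 bytes per hop
            hops = [socket.inet_ntoa(data[j:j + 4])
                    for j in range(0, len(data) - 3, 4)]
            found.append((SOURCE_ROUTE_OPTS[otype], pointer, hops))
        i += olen
    return found

# Constructed sample: NOP, then LSRR listing two hops.
SAMPLE_LSRR = build_header(bytes([1, 131, 11, 4]) + socket.inet_aton("192.0.2.1")
                           + socket.inet_aton("203.0.113.7"))
```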
Current thread:
- bypassing firewalls with NAT hannibal blog (Oct 15)
- Re: bypassing firewalls with NAT Chris Brenton (Oct 15)
- Re: bypassing firewalls with NAT crazy frog crazy frog (Oct 18)
- Re: bypassing firewalls with NAT Chris Brenton (Oct 15)