Snort mailing list archives
NAT penetration techniques
From: "Basil Saragoza" <snortlst () hotmail com>
Date: Tue, 5 Mar 2002 18:24:30 -0500
I'm not really sure this forum is a plcae to ask those questions, but maybe you can give me a hint... I run 2 snort sensors: first sniffs traffic coming to public ip of the firewall, second sniffs the lan ip of the firewall, so I can see which traffic comes from the internet and which one is actually penetrated inside my lan through firewall. I shellcode atacks and other icmp activity that are directed to computers inside my lan - some workstations let'say. Some of those workstations have dhcp ip address and some have static (from 10.0.0.x range).Those workstations ip addresses use hidden NAT when they go to internet and outside worls has knowledge of the hidden nat ip address but not of teh particular 10.something address.That's my understanding..... In snort I see attackes directed to 10.0.0.x addresses. HOW OUTSIDE WORLD ATTACKERS CAN KNOW WHICH IP ADDRESSES I USE INTERNALLY AND HOW CAN THEY ATTACK THOSE WORKSTATIONS, DO THEY BYPASS NAT SOMEHOW? thx. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- NAT penetration techniques Basil Saragoza (Mar 05)
- <Possible follow-ups>
- RE: NAT Penetration Techniques Jeff DuVall (Mar 06)
- Re: RE: NAT Penetration Techniques Basil Saragoza (Mar 06)
- Re: RE: NAT Penetration Techniques J. Craig Woods (Mar 06)
- Re: RE: NAT Penetration Techniques Basil Saragoza (Mar 06)
- Re: RE: NAT Penetration Techniques Jeff DuVall (Mar 06)