Security Basics mailing list archives

RE: Request for feedback on ip-nat


From: "Joris L." <jorislambrecht () pandora be>
Date: Wed, 04 Feb 2004 22:23:35 +0100

On Tue, 03-02-2004 at 21:33, Shawn Jackson wrote:
> From: Joris L. [mailto:jorislambrecht () pandora be]
> > I'm currently investigating possible reasons for client-programs
> > to an IM network to disconnect for no real apparent reason. What
> > could be the possible causes, what could cause a time-out to
> > occur?

> Some 'cheap' NAT boxes will clear their connection cache, or at
> least the oldest connections, to conserve memory. I've noticed
> this on older Netgear and some Linksys boxes at busy offices.


I'm using Linux with iptables. For my home-fw I have no issues with
this. I've even tried out switching hardware because of possible
link-layer/framing issues but that doesn't seem to be an option.

> Additionally some real cheap boxes have a limitation to the
> actual number of NAT connections they can route. I don't
> know the detail of the MSN protocol, but it could be experiencing
> a timeout due to latency.


That's worth investigating, I'll check that.

> Does it die under use? Or while it's idle? Are you connecting
> to the I-Net or to another network? Are there any security
> policies in place on the NAT box? Is the NAT box a firewall?
> What model/type?


No, it is quite a performant box but there's indeed some issue which is
pretty awkward to get hold of. The nat-box is set up for ip-masquerading
with the iptables firewall for policy, all is running on the same
machine.

> Shawn Jackson
> Systems Administrator
> Horizon USA
> 1190 Trademark Dr #107
> Reno NV 89521
>
> www.horizonusa.com
> Email: sjackson () horizonusa com
> Phone: (775) 858-2338
>        (800) 325-1199 x338




Thanks.

J.
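
The two causes raised in the quoted reply (a NAT box clearing its oldest connections, and a cap on the number of NAT connections) can be reproduced with a toy model. This is an added example, not part of the original thread; `NatTable`, `first_drop` and every number in it are constructed assumptions, not the behaviour of iptables or of any specific device.

```python
from collections import OrderedDict

class NatTable:
    """Toy NAT mapping table: bounded size, idle expiry, oldest-first eviction."""
    def __init__(self, max_entries, idle_timeout):
        self.max_entries = max_entries
        self.idle_timeout = idle_timeout
        self.flows = OrderedDict()  # flow id -> last-seen time, least recent first

    def packet(self, flow, now, syn=False):
        """Return True if the packet is translated, False if it is dropped."""
        # Expire flows that have been idle longer than the timeout.
        while self.flows and now - next(iter(self.flows.values())) > self.idle_timeout:
            self.flows.popitem(last=False)
        if flow in self.flows:
            self.flows[flow] = now          # refresh the idle timer
            self.flows.move_to_end(flow)
            return True
        if not syn:
            return False                    # mid-stream packet, mapping is gone
        if len(self.flows) >= self.max_entries:
            self.flows.popitem(last=False)  # table full: evict the oldest flow
        self.flows[flow] = now
        return True

def first_drop(max_entries, idle_timeout, im_interval, other_flows_per_sec,
               duration=3600):
    """Second at which the IM client's packet is first dropped, or None.

    The IM client connects at t=0 and then sends one packet every
    im_interval seconds; other hosts open other_flows_per_sec new
    connections each second (constructed load).
    """
    nat = NatTable(max_entries, idle_timeout)
    nat.packet("im", 0, syn=True)
    next_id = 0
    for t in range(1, duration + 1):
        for _ in range(other_flows_per_sec):
            nat.packet(("other", next_id), t, syn=True)
            next_id += 1
        if t % im_interval == 0 and not nat.packet("im", t):
            return t
    return None

if __name__ == "__main__":
    print("idle expiry, quiet client:", first_drop(10000, 300, 600, 0))
    print("full table, busy office:  ", first_drop(100, 3600, 60, 5))
    print("full table, keepalive 10s:", first_drop(100, 3600, 10, 5))
```

In this model the connection survives only when the client sends traffic more often than both the idle timeout and the time it takes the other hosts to cycle the whole table.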



