Security Basics mailing list archives
Re: External Penetration Question
From: bloo () inkme org
Date: Tue, 8 Aug 2006 18:53:01 -0400
if you have port forwarding set up on the router for any applications, that is an easy way in.
if you can get a program on the internal system(s) via the web page method, for example, you have the internal machine dial-out to the attacking machine using netcat or the like.
same can be done via html email and poor configuration.

b.

On Aug 8, 2006, at 2:15 PM, Robert D. Holtz wrote:

They can come in any number of ways with HTTP being one of the primary vectors.

All a user needs to do is hit a web page that triggers a download to the machine behind your firewall. It's all over but the crying at that point.

Port 6667 (IRC) is another very common way in.

-----Original Message-----
From: thatch [mailto:leethatcher () gmail com]
Sent: Tuesday, August 08, 2006 4:48 AM
To: security-basics () securityfocus com
Subject: External Penetration Question

This may seem a bit basic but i'm struggling to get my head around the following concept:

if i have a network and it's configured with a 10.x.x.x IP address scheme, it's sitting behind a firewall and all connections to the internet are NAT'd out. how could any PCs become exploited when the addresses of these are non-routable. after all, if an attacker is able to exploit a vulnerability in my firewall and gain access to that particular device i don't quite see how he or she could penetrate any further into the network than where the public IP address stop.

i've read plenty on this and will continue to do so but maybe i must have missed a page because this seems to be the bit of the jigsaw that is missing.

Can anyone explain or just provide me with a link.

many thanks.

--
View this message in context: http://www.nabble.com/External-Penetration-Question-tf2071662.html#a5703379
Sent from the Security Basics forum at Nabble.com.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
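The two paths named in this thread (an allowed inbound port forward, and an internal 10.x host connecting out to an external machine) both show up in firewall connection logs, so a defender can review for them. The following is an added example, not part of the original messages; the log format, the sample lines, and the allowed-port policy are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in a made-up log format (not any real firewall's).
SAMPLE_LOG = """\
2006-08-08T14:02:11 ALLOW OUT src=10.1.2.15:49211 dst=203.0.113.7:80 proto=tcp
2006-08-08T14:02:40 ALLOW OUT src=10.1.2.15:49230 dst=203.0.113.99:6667 proto=tcp
2006-08-08T14:03:05 ALLOW IN src=198.51.100.23:51000 dst=10.1.2.40:3389 proto=tcp
2006-08-08T14:03:09 DENY IN src=198.51.100.23:51001 dst=10.1.2.41:445 proto=tcp
2006-08-08T14:04:12 ALLOW OUT src=10.1.2.77:50112 dst=198.51.100.50:4444 proto=tcp
2006-08-08T14:04:30 ALLOW OUT src=10.1.2.15:49300 dst=10.1.9.9:8080 proto=tcp
""".splitlines()

LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) (?P<dir>IN|OUT) "
    r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=\w+$"
)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # the 10.x.x.x scheme from the question
ALLOWED_EGRESS_PORTS = {53, 80, 443}           # assumed site policy


def review(lines, allowed_ports=ALLOWED_EGRESS_PORTS):
    """Return (findings, unparsed). Only ALLOWed connections are reported."""
    findings, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # keep unreadable lines visible to the analyst
            continue
        if m["action"] != "ALLOW":
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            unparsed.append(line)  # e.g. an octet above 255
            continue
        dport = int(m["dport"])
        outbound = m["dir"] == "OUT" and src in INTERNAL and dst not in INTERNAL
        inbound = m["dir"] == "IN" and dst in INTERNAL and src not in INTERNAL
        if outbound and dport not in allowed_ports:
            findings.append(("unexpected-egress", str(src), str(dst), dport))
        elif inbound:
            findings.append(("port-forward-hit", str(src), str(dst), dport))
    return findings, unparsed
```

The first sample line (outbound to port 80) passes the port policy, so a port allowlist alone does not cover the HTTP download case raised in the thread.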