Security Basics mailing list archives
Re: NAT external/Public IP
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 30 Oct 2007 18:04:08 +0100
On 2007-10-30 Grant Donald wrote:
With PAT private IP addresses are hidden from the outside world. This basically makes the job of hacking into a system more difficult, because the original host's IP address and source port is unknown.
This is mere obscurity. It doesn't make a host any more or less secure than it already is. Like I said before: either a host is secure, then it doesn't matter if an attacker knows the address, or it isn't secure, then you're "security" is based on the hope that an attacker won't discover the host.
Depending on firewall capabilities (or lack of capabilities) ports may need to be opened inbound for certain applications to work (e.g.. ident & pptp). A horizontal scan of such a network could produce a wealth of knowledge, if that network does not support port address translation.
Ummm... wot? Why would you want to allow any inbound connections into your LAN? And how would an attacker be able to scan your network from the outside? For some obscure reason you seem to assume that using public IP addresses in your LAN means that the firewall at the perimeter magically allows access from WAN to LAN. This assumption is wrong. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- NAT external/Public IP smarts_buy (Oct 24)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 25)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)
- RE: NAT external/Public IP Jason Alexander (Oct 25)
- RE: NAT external/Public IP Eric Furman (Oct 25)
- RE: NAT external/Public IP Jason Alexander (Oct 26)
- RE: NAT external/Public IP Grant Donald (Oct 29)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 29)
- Re: NAT external/Public IP Michael Painter (Oct 30)
- RE: NAT external/Public IP Grant Donald (Oct 30)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 30)
- RE: NAT external/Public IP Security Incidents (Oct 30)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 31)
- RE: NAT external/Public IP Dan Lynch (Oct 31)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 25)
- Re: NAT external/Public IP Chris Barber (Oct 25)
- RE: NAT external/Public IP Nick Vaernhoej (Oct 25)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)
- Re: NAT external/Public IP Brett (Oct 25)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 25)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)