Firewall Wizards mailing list archives

RE: NAT Pseudo Security

From: "Chris Carlson" <chris () compucounts com>
Date: Tue, 4 May 2004 12:41:51 -0400

My question is how vulnerable would that network be from outside

attacks?

In my expirence, fairly secure, but it all depends on what you're trying
to secure.  I wouldn't use it for anything larger than a very small
business with a handful of users; a SOHO.  To do only NAT, you would be
completely neglecting intrusion detection and internal security.  You
could be compromised either internally or externally and you would never
know.

Is there anyway an outside user would be able to utilize source

routing or another mechanism to attack an internally NAT'd host? 

Yes - A friend of mine used to play around with this all the time; I'm
not totally sure how it was done, but I know it didn't take long to get
around the NAT router.  I'm open to any recources that might describe
this in detail (hint hint :)  In any case, I would implement some sort
of filtering to prevent internal IPs from being used (as source or dest)
on the external side.  This should eliminate some of the more obvious
attacks, but I'm sure there are more that I'm not aware of.

Hope this helps

- Chris

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Lee T.
Christie
Sent: Tuesday, May 04, 2004 10:25
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] NAT Pseudo Security

I was wondering what everyone's thoughts were utilizing NAT as your only
security mechanism, for protection from the Internet.  I realize that
NAT was not designed for security purposes.  For instance, if network A
is connecting to the Internet behind a router performing NAT, no
incoming address or port forwarding, what are my risks, from outside
hosts?  The way I see it by implementing a SOHO firewall I gain a)
Ingress and Egress packet control b) Statefull inspection or proxy
inspection c) A potentially hardened OS on the unit d) Logging and
Reporting e) Secure management

My question is how vulnerable would that network be from outside
attacks?  Is there anyway an outside user would be able to utilize
source routing or another mechanism to attack an internally NAT'd host?


Thanks in advance for your responses.

Lee
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: NAT Pseudo Security, (continued)
- - RE: NAT Pseudo Security Ben Nagy (May 05)
    - RE: NAT Pseudo Security Paul D. Robertson (May 05)
    - RE: NAT Pseudo Security Frank Knobbe (May 05)
    - RE: NAT Pseudo Security Paul D. Robertson (May 05)
    - RE: NAT Pseudo Security David Lang (May 06)
- Re: NAT Pseudo Security salgak (May 04)
  - VPN testing utility lordchariot (May 04)
  - Re: NAT Pseudo Security R. DuFresne (May 05)
- RE: NAT Pseudo Security Melson, Paul (May 04)
- RE: NAT Pseudo Security Sloane, David (May 04)
- RE: NAT Pseudo Security Chris Carlson (May 04)
- RE: NAT Pseudo Security Daniel Chemko (May 06)
  - RE: NAT Pseudo Security David Lang (May 06)
- RE: NAT Pseudo Security Melson, Paul (May 06)