Firewall Wizards mailing list archives
Re: detecting multihomed host
From: alexander lind <malte () webstay org>
Date: Fri, 1 Aug 2008 21:23:49 -0700
On Aug 1, 2008, at 8:47 PM, K K wrote:
> On 7/14/08, alexander lind <malte () webstay org> wrote:
>> Say that someone on the outside knows all of my 20 IP addresses. Is there any way that this person could detect that all 20 of these IP addresses are bound to my one machine inside my network?
>
> Yes, there are ways, some easier than others. Look at the various papers on enumerating hosts behind a NAT gateway, think of this as a sort of backwards variation on that question.
I have read up on what I could find about this, and it seems to me that the only really generic techniques to enumerate hosts behind the NAT rely on looking at the TTL field in the TCP packet. OpenBSD's PF can reset and/or randomize this field with its 'scrub' directive, so it seems to me this vulnerability would be blocked.
If you know of any other ways to detect a multihomed host behind a NAT, can you give me any other hints for what to google on?
Alec
Kevin