Penetration Testing mailing list archives

Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 27 Sep 2000 12:04:02 -0400

On Wed, 27 Sep 2000, Leon Rosenstein wrote:

> Is there any way to circumvent this firewall (or any firewalls that
> employ NAT and SPI as their primary defense mechanisms)? Is there
> any way to get direct access to the server? I have port scanned the
> router and found listening ports and remote administration software
> but I am curious as to how one could circumvent the firewall (if this
> is done through hijacking the router I would be curious about that
> also).

NAT would be difficult, but SPI has had recent problems. check some of the
firewall testing tools from dugsong:    

        http://www.monkey.org/~dugsong/

like ozone and such. have some fun.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

