Penetration Testing mailing list archives
Re: attack on a computer behind a nat.
From: "fleetscribbler () socket net" <fleetscribbler () socket net>
Date: Tue, 09 Sep 2008 14:27:22 -0400
Michael, I'm unsure of the intended target, but personally, I would start by looking for remote administration access to whatever device is performing NAT. Generally speaking, if remote access is enabled, simply brute-forcing an account is usually sufficient to gain you proximity.
From there, one could port forward to the machine inside - although it
may not have any services running that could be exploited. With access to the routing device, one could also tamper w/ DNS (depending upon the users config), setup a bogus DNS server that returns an A record for a machine under your control, and have at it. Also, a large number of smaller providers tend to forget about SNMP when sending out CPE to customers. (I'm referring to DSL customers mostly, although I've seen this w/ cable customers too). SNMP polling using the "public" community string tends to give worthy information - connected devices, uptime, octets xferered/received, possibly connection tracking information (Don't quote me on that last one though). With connection tracking information and proximity, you _might_ be able to do something - I personally wouldn't waste my time on it. You might also check out http://www.phrack.com/issues.html?issue=65&id=5 for an idea as to how NAT handles passive FTP, IRC DCC, SIP, TFTP, etc.. That's a few things off the top of my head... as far as actually performing the attack - think about your motive for asking the question in the first place. Whatever your beef is - I'd probably let it go. -madsara Michael Kitange wrote:
hi, list. is there any way to send an attack to a computer behind a nat box? possibly modify a packet header, i know the ip that the computer is using behind the nat. any help is appreciated.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- attack on a computer behind a nat. Michael Kitange (Sep 09)
- Re: attack on a computer behind a nat. fleetscribbler () socket net (Sep 09)
- RE: attack on a computer behind a nat. Alex Eden (Sep 09)
- Re: attack on a computer behind a nat. Mark Owen (Sep 09)
- attack on a computer behind a nat. Michael Kitange (Sep 09)
- Re: attack on a computer behind a nat. Krugger (Sep 10)
- Re: attack on a computer behind a nat. David Howe (Sep 10)
- Re: attack on a computer behind a nat. Shreyas Zare (Sep 12)
- Re: attack on a computer behind a nat. David Howe (Sep 12)
- Re: attack on a computer behind a nat. Mark Owen (Sep 09)
- <Possible follow-ups>
- Re: attack on a computer behind a nat. Christian Eric EDJENGUELE (Sep 09)
- Re: attack on a computer behind a nat. publists (Sep 12)