Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: attack on a computer behind a nat.

From: publists () enablesecurity com
Date: 11 Sep 2008 12:16:18 -0000
Most of the replies to this thread focused on forging of packets and so on. 

If what you want is to attack a computer behind NAT, then I suggest that you look at how real attackers do it. Many 
home networks or small businesses are behind NAT yet they still have plenty of security incidents, and the attackers 
almost never (to my knowledge) forge packets in order to gain access. Instead they either bounce off an internet facing 
service (as someone else mentioned) - like some remote access service, or hack the client. 

Client-side attacks are the most effective way of breaking through, and is what is being done in order to break into 
such networks. Therefore, I suggest that you take this approach if it is possible. Of course it always depends on the 
scope of your penetration test. 

Hope this helps 

Sandro Gauci
http://enablesecurity.com/ 

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: