Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: detecting multihomed host
From: alexander lind <malte () webstay org>
Date: Fri, 1 Aug 2008 21:23:49 -0700

On Aug 1, 2008, at 8:47 PM, K K wrote:
On 7/14/08, alexander lind <malte () webstay org> wrote:
Say that someone on the outside knows all of my 20 IP addresses. Is there any way that this person could detect that all 20 of these IP addresses are
bound to my one machine inside my network?

Yes, there are ways, some easier than others.

Look at the various papers on enumerating hosts behind a NAT gateway,
think of this as a sort of backwards variation on that question.

I have read up on what I could find about this, and it seems to me that the only really generic techniques to enumerate hosts behind the NAT relies on looking at the TTL field in the TCP packet. OpenBSDs PF can reset and/or randomize this field with its 'scrub' directive, so it seems to me this vulnerability would be blocked.

If you know of any other ways to detect a multihomed host behind a NAT, can you give me any other hints for what to google on?



firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]