Full Disclosure mailing list archives

Re: NAT router inbound network traffic subversion
From: "raize" <raize () gravito com>
Date: Fri, 28 Jan 2005 17:52:29 +0000

Can anyone prove me wrong? Can someone push a rogue packet behind a router with no client interaction???

I don't claim to be an expert on this, and I'm actually kind of surprised no one has mentioned this yet to you but yes, 
it is always possible. There is such a thing as "idlescanning" that does something kind of like this. It works very 
well on NAT routers to expand the inhabitants on the other side. The players are A, Z, and T; attacker, zombie, and 
target, respectively. There's a chart on the nmap page about it.

http://www.insecure.org/nmap/idlescan.html

hping is another tool that might work to accomplish what you are describing. The complication here is that you cannot 
simply craft packets to arbitrarily send to those on the other side of a NAT router. But you can determine how many 
clients are behind a NAT and spoof packets from them to the router and the router will craft packets in response. If 
you could get the router to respond a particular way, you could possibly use that to your advantage in a DoS or other 
malicious way. But the applications that would be susceptible to this must have been coded very poorly. Still, 
supposing a personal firewall automatically blocks an IP if it sends a flood of requests, you could use this to make 
the firewall block its own router. This would result in a DoS for the user running the firewall, and it didn't involve 
any interaction on their part.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
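
The self-inflicted block described in the message above can be avoided by keeping critical addresses out of the auto-block path. The following is an added example, not part of the original post: the `AutoBlocker` class, its threshold and window values, the gateway address 192.168.1.1 and the sample traffic are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque


class AutoBlocker:
    """Flood-triggered auto-block with a never-block list (hypothetical design)."""

    def __init__(self, threshold, window, protected):
        self.threshold = threshold        # packets tolerated per window
        self.window = window              # window length in seconds
        self.protected = [ipaddress.ip_network(p) for p in protected]
        self.seen = defaultdict(deque)    # source IP -> recent timestamps
        self.blocked = set()
        self.alerts = []                  # floods seen from protected sources

    def is_protected(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.protected)

    def observe(self, ts, src):
        """Record one inbound packet; return 'pass', 'block' or 'alert'."""
        if src in self.blocked:
            return "block"
        recent = self.seen[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) <= self.threshold:
            return "pass"
        if self.is_protected(src):
            # A source address can be spoofed, so a flood "from" the gateway
            # is logged for review instead of cutting off the host's own route.
            self.alerts.append((ts, src))
            return "alert"
        self.blocked.add(src)
        return "block"


# Constructed sample traffic: (timestamp, source IP), eight packets per source.
SAMPLE = [(t * 0.1, "192.168.1.1") for t in range(8)] + \
         [(t * 0.1, "203.0.113.7") for t in range(8)]


def run(protected):
    """Replay SAMPLE through a blocker with the given never-block list."""
    fw = AutoBlocker(threshold=5, window=1.0, protected=protected)
    for ts, src in SAMPLE:
        fw.observe(ts, src)
    return fw
```

With an empty never-block list the replay ends with the gateway blocked, which is the DoS the message describes; with the gateway listed, only the outside address is blocked and the gateway flood is recorded as an alert.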

