Penetration Testing mailing list archives

Re: attack on a computer behind a nat.
From: "fleetscribbler () socket net" <fleetscribbler () socket net>
Date: Tue, 09 Sep 2008 14:27:22 -0400

Michael,

 I'm unsure of the intended target, but personally, I would start by
looking for remote administration access to whatever device is
performing NAT. Generally speaking, if remote access is enabled, simply
brute-forcing an account is usually sufficient to gain you proximity.
From there, one could port forward to the machine inside - although it
may not have any services running that could be exploited. With access
to the routing device, one could also tamper w/ DNS (depending upon the
user's config), set up a bogus DNS server that returns an A record for a
machine under your control, and have at it.

 Also, a large number of smaller providers tend to forget about SNMP
when sending out CPE to customers. (I'm referring to DSL customers
mostly, although I've seen this w/ cable customers too). SNMP polling
using the "public" community string tends to give worthy information -
connected devices, uptime, octets xferred/received, possibly connection
tracking information (don't quote me on that last one though). With
connection tracking information and proximity, you _might_ be able to do
something - I personally wouldn't waste my time on it.

 You might also check out
http://www.phrack.com/issues.html?issue=65&id=5  for an idea as to how
NAT handles passive FTP, IRC DCC, SIP, TFTP, etc.

 That's a few things off the top of my head... as far as actually
performing the attack - think about your motive for asking the question
in the first place. Whatever your beef is - I'd probably let it go.

-madsara

Michael Kitange wrote:
Hi, list.
Is there any way to send an attack to a computer behind a NAT box?
Possibly modify a packet header? I know the IP that the computer is
using behind the NAT. Any help is appreciated.


