lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
From: megaboy at libero.it (mega)
Subject: Re: NAT router inbound network traffic
 subversionouter inbound network traffic subversion

You said:
HOW IS THIS NOT USER INTERACTION?!?!?  I asked if there is a computer on
the internal network that doesn't do anything -- that means SENDING NO
PACKETS to the router -



If my english's not so bad,i think:

"Somebody already answered:"

>> Now, I wouldn't place all my bets on his answer and I am calling on
>> someone out there to clear up my question.  If NAT really does only
>> allow inbound connections with a preliminary request as he suggests, it
>> seems that the only way to get an "unauthorized" packet behind the
>> router is by some flaw in the firmware of the device.
>
>
> If you are not offering any services to the Internet, yes. If you are, 
> then you have ports open on the router, redirecting to real machines, 
> which may be running software which can be exploited.
> Now, I wouldn't place all my bets on his answer and I am calling on
> someone out there to clear up my question.  If NAT really does only
> allow inbound connections with a preliminary request as he suggests, it
> seems that the only way to get an "unauthorized" packet behind the
> router is by some flaw in the firmware of the device.


*If you are not offering any services to the Internet, yes. If you are, 
then you have ports open on the router, redirecting to real machines, 
which may be running software which can be exploited.*


However ... i'm reading on an italian e-zine an article sentencing that:
NAT is not a security feature.
Sorry, it's in italian and don't have time to translate it. It explain 
some way to pass a router's NAT... maybe you can translate it using some 
net translator or better finding an english version of that.
Here you are, however: http://www.s0ftpj.org/bfi/dev/BFi13-dev-17

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ