| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: raize at gravito.com (raize) Subject: Re: NAT router inbound network traffic subversion >Can anyone prove me wrong? Can someone push a rogue packet behind a router with no client interaction??? I don't claim to be an expert on this, and I'm actually kind of surprised no one has mentioned this yet to you but yes, it is always possible. There is such a thing as "idlescanning" that does something kind of like this. It works very well on NAT routers to expand the inhabitants on the other side. The players are A, Z, and T; attacker, zombie, and target, respectively. There's a chart on the nmap page about it. http://www.insecure.org/nmap/idlescan.html hping is another tool that might work to accomplish what you are describing. The complication here is that you cannot simply craft packets to arbitrarily send to those on the other side of a NAT router. But you can determine how many clients are behind a NAT and spoof packets from them to the router and the router will craft packets in response. If you could get the router to respond a particular way, you could possibly use that to your advantage in a DoS or other malicious way. But the applications that would be succeptible to this must have been coded very poorly. Still, supposing a personal firewall automatically blocks an IP if it sends a flood of requests, you could use this to make the firewall block it's own router. This would result in a DoS for the user running the firewall, and it didn't involve any interaction on their part.
Powered by blists - more mailing lists