lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050128175229.25042.qmail@hoster903.com>
From: raize at gravito.com (raize)
Subject: Re: NAT router inbound network traffic subversion

>Can anyone prove me wrong? Can someone push a rogue packet behind a router with no client interaction???

I don't claim to be an expert on this, and I'm actually kind of surprised no one has mentioned this yet to you but yes, it is always possible. There is such a thing as "idlescanning" that does something kind of like this. It works very well on NAT routers to expand the inhabitants on the other side. The players are A, Z, and T; attacker, zombie, and target, respectively. There's a chart on the nmap page about it.

http://www.insecure.org/nmap/idlescan.html

hping is another tool that might work to accomplish what you are describing. The complication here is that you cannot simply craft packets to arbitrarily send to those on the other side of a NAT router. But you can determine how many clients are behind a NAT and spoof packets from them to the router and the router will craft packets in response. If you could get the router to respond a particular way, you could possibly use that to your advantage in a DoS or other malicious way. But the applications that would be succeptible to this must have been coded very poorly. Still, supposing a personal firewall automatically blocks an IP if it sends a flood of requests, you could use this to make the firewall block it's own router. This would result in a DoS for the user running the firewall, and it didn't involve any interaction on their part.

Powered by blists - more mailing lists